8a7603c1c890418d8a3345cc1546089143b2e49f338785db22d2ca8e62a467c9

Analysis

max time kernel
149s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-04-2024 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Silver Rat [Re Lab]/SilverRat.exe
Size

25.2MB
MD5

d6527f7d5f5152c3f5fff6786e5c1606
SHA1

e8da82b4a3d2b6bee04236162e5e46e636310ec6
SHA256

79a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9
SHA512

2b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f
SSDEEP

786432:SZYRGnGvovVvAuuglekvAR4vzHcv6lHGH9KdDmvQuLGgJMKV+n9n1vgvVv2jlv1S:Ik79a

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SilverRat.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	SilverRat.exe

Drops file in Windows directory 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "10"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 00a10c5fae9fda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e7a1a7e62b9bda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 191e2cfc2b9bda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 60ebec4b5e9bda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "24"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "24"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "768"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3b8f94e62b9bda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "10"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "404"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "892"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 50f82bfc2b9bda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

4940 MicrosoftEdgeCP.exe
4940 MicrosoftEdgeCP.exe
4940 MicrosoftEdgeCP.exe
4940 MicrosoftEdgeCP.exe
4940 MicrosoftEdgeCP.exe
4940 MicrosoftEdgeCP.exe

pid	process
4940	MicrosoftEdgeCP.exe
4940	MicrosoftEdgeCP.exe
4940	MicrosoftEdgeCP.exe
4940	MicrosoftEdgeCP.exe
4940	MicrosoftEdgeCP.exe
4940	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	4516	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4516	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4516	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4516	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

4232 MicrosoftEdge.exe
4940 MicrosoftEdgeCP.exe
4516 MicrosoftEdgeCP.exe
4940 MicrosoftEdgeCP.exe

pid	process
4232	MicrosoftEdge.exe
4940	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
4940	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 25 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4120	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4940 wrote to memory of 4056	4940	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe
"C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe"
1⤵
- Checks computer location settings
PID:4228

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4232

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4068

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4516

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2684

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZDIGHWMN\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\K785JTH4\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\K785JTH4\dotnet.microsoft[1].xml
Filesize
84B

MD5
31e765701cb6438f2998c74d689ce66c

SHA1
7313097eb32329fde00eb284f9d05a8b78cf4691

SHA256
033d98332a5b17d46f011a2fb21bbb6b3296d2bb1bc8e5ebf30fbb706b3004f5

SHA512
68a83c2592acbfa046cfb5cc4aa1dc507d227c5d6c63970e32bf2610ef317f4df4c5038539c739f31d8be6926a4a01862e7545a9cb9e9472af2fcf5f31cb1357

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4OAAGIQE\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4R02UNB5\favicon[1].ico
Filesize
161KB

MD5
8565042b6db20c23647202bf4b95f11b

SHA1
9f0829cb3ceef14ac10e0b66338d8b7243a09101

SHA256
dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969

SHA512
dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\ilihi4e\imagestore.dat
Filesize
64KB

MD5
d2e2a4f69ffeab9bae65b476dcef854c

SHA1
4ad523e774fdfbae3a33c8b1a21e980c7bc4423d

SHA256
e089a2c88f3fc0fabd679240d3cb7b7af08b131e792b765bd6dd0184a1585218

SHA512
9c352b5a94eb5fb38f904889755f3326b5b8026293d722cbf41af03c1d4e9db9a8c059db5c97f6bb12cc19ead1734348a7519d4ade6f5ef8b5a271fab3afca2b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\02F082IY\alert-info[1].svg
Filesize
726B

MD5
c7db49644f6bf1f50b3190ffba0516ed

SHA1
5bb312a0b6357ccb7e93158ac0f97b4e249e4696

SHA256
2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281

SHA512
9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\02F082IY\cookie-consent.min[1].js
Filesize
2KB

MD5
2ad93f6c4dd71b579f187d1463457ee4

SHA1
55720a32d32781f421f8a2c70c424a69e2fa7c21

SHA256
d2d1b9863e393a6a8ac95617470d67f7d21044004e4f08d7cd65e480a05204a8

SHA512
1cc6445bbd18951ce30ca48fece2560a3d15e8176abf91a54a1819ad28fbb2fbf28d30ef9d08ac83fb1f3bfffe9178c07642bdeee056f202b8dbd6e5b71b4305

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\02F082IY\general.min[1].js
Filesize
169KB

MD5
49b237e0e1b4d7f8e79eef67df8fc31b

SHA1
e84b25d606a998921900c18808ac1c1a727a0640

SHA256
c935dcc9f529f434237f4b507263236cd1fe9ee650735946a55a7f0c4f366018

SHA512
0c22d53148b3ca147f69e47ad156e906b7a7d5cbea402b3c77a37f42c5abdc060add4c6b6c56066893aa6b67af461b9aca1d43ed7f1243acf28df225a7d7b343

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\02F082IY\main.min[1].js
Filesize
36KB

MD5
c4297773569863be0cdafdc4c1086f53

SHA1
756025b6f96d6c6808b2369ea9bacd5ba8ccf694

SHA256
c2b8db1f87d37b321e6918e8b8f9ae40e2fa7c550d34a0e36c9f6ec3d2915af5

SHA512
1a3f9750ba23fa1ece05944cd886eedc631fba538fd9c219c3a4cca217aee2251a88a2fd05e50ea08c0f04460806fcf2b09453c54fca9c57072c0753c0a25661

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\02F082IY\open-sans-v34-latin-regular[1].woff2
Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\02F082IY\theme-toggle.min[1].js
Filesize
3KB

MD5
6af1846ed39ed810c75045f6eba79a79

SHA1
1581aa2e2be1276f76f6f237fd61c4cd667f8da6

SHA256
3391e6a4a0ebcdd8a28c22555d0c271d325fd0b150ea90612593797028d19f03

SHA512
a3d13e9eac46c0b594013abaaeba4868e944fafc01e9382971867983ed6edf98eded06d54738703635ee9bba21e996c1f53e8552f3ab7bf8df7f9634d67eae1f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\7a-c9e644[1].css
Filesize
167KB

MD5
b7af9fb8eb3f12d3baa37641537bedc2

SHA1
a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4

SHA256
928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71

SHA512
1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\ai.2.min[1].js
Filesize
120KB

MD5
30f39ae5d1d05a439046a7640510b486

SHA1
716efa29594edae8832bb8b12e7fb19bc06e06fe

SHA256
bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136

SHA512
f67fdafca801746226acb9d2ef6d90070dd1d8a5a08bcb5dd1c94631f1559373c56d9796a5633cac03e1a5a384cf01d60c080a6ef16cea4b52aaa93ed364b55a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\analytics.min[1].js
Filesize
2KB

MD5
29dd8eed8b9d930080dc0f2970261930

SHA1
d0cbf2f13789c6704caac2e296e9b05c131a5536

SHA256
ebdd29b3d27624771d3f8272f26eabb31c7f15ae175382f21c60d72035b7f36e

SHA512
fb3c68d5713e7653ef4c677dae5c444901fb67d8045f5fb75635d78d8ab9427e9564b66b4dd9fb8131d1e05c7a877343fabcc931a71ba533a3a0f8a82737bf86

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\bootstrap-custom.min[1].css
Filesize
232KB

MD5
b35590e4d3bf1b0b2bf9b986c30a7183

SHA1
fde573711c2c27e6c2824e3f3ae1bf6e3d216330

SHA256
1dc203879fb2076f320b714edd1d9d83f605ad9c50d341d4dc695f821586f96b

SHA512
2d2a6bf3828d402c66215977220643c0c6dadd55216c41951e9e71147e87f3df3562576cbc384b5c6bca8aca1f90d49f2cd5ae2a9c10c4dc057847bcf8f743ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\culture-selector.min[1].js
Filesize
1KB

MD5
65e4fabaf367e6939430be6fe05935af

SHA1
587a6067898e629ea6f1716ff7064c25840062c1

SHA256
b9bc645052f44b7253656603f4cf94685f6b057474be7be907f18ae28a4108b3

SHA512
28b4abd683761569b859826bead14a8997f61ba5621c32d4abd013c10e5112ffff0467648985a7adf5e909beae48d21f4d7b68520195767661e797172bdc191c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\dotnet-framework-runtime[1].svg
Filesize
42KB

MD5
5aaa8c37cd59979b920cd21c4a50a38d

SHA1
0ee61e3b2d58513b92cf4c6b5114c1beb55539e7

SHA256
db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6

SHA512
0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\footer.min[1].js
Filesize
376B

MD5
33eb53d99fb8b6b0fc16b035559b20d5

SHA1
db024d172c6623da9c65ace778c802bd46a4f043

SHA256
0aa837fa8bbdc8d87bda9c64ca64732fdf87d85e2f8768b2220e1e03ab48df42

SHA512
6575c35d99efb1671b1083165e10a04ce93bd715cb1165af5964d9051dff1c5ec0e86b51487ee51eac4e62807182de5677467475f3588dbfefbab42f1e79e51b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\gpc-data-sharing.min[1].js
Filesize
213B

MD5
cb6d12455dd83cdc7abaee67f9e451a9

SHA1
a1c26b6d709ddc7370740b023c7241a7447c5c4e

SHA256
3eecbd8323ba84954c3115a31a4d6b4d5e97befcc859622812c2f6c706afeae6

SHA512
21399b52a792adae4ee775f8f67beec835f6b1e61245fa812abed0711b8de8c1c665b437e9424ea995055126df48c2a9c3c31c04dbef996ccebf96c964b7ea13

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\ms.analytics-web-3.min[1].js
Filesize
137KB

MD5
7e692bbee58f6f383823efe2d3da58f0

SHA1
58961e80a2cf689e34271836440d4374c19a9f1f

SHA256
3513446ef2ae4a26e6c77e53d4e151fe0897740129ab358303aec4bc85a1e51c

SHA512
06f4775064ca96de219a7c80e673dc150979b8f482bf2a4a5afd5557d75467ebe6520bab80fc1bc0404a53ca8aa2f9d214b79fa3ad0c4078cbb27f2a1e7923b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y27A5YP\open-sans-v34-latin-600[1].woff2
Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B8P5Q3P3\6c-7627b9[1].js
Filesize
134KB

MD5
b9c3e4320db870036919f1ee117bda6e

SHA1
29b5a9066b5b1f1fe5afe7ee986e80a49e86606a

SHA256
a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48

SHA512
a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B8P5Q3P3\RE1Mu3b[1].png
Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B8P5Q3P3\at-config.1.4.1[1].js
Filesize
5KB

MD5
4216033a420ab0d1d1692eeda81f6bad

SHA1
f30a860fca5388df2897767d5f35d3d4c066f1b9

SHA256
a3a8782a0a683262d3ffc119294606b01a927c110c398e4dbddd1afb51d151c6

SHA512
165fd58770e64c71a7576e8db763142b77c7ac60c2d37182cb706f7cf77a938ffe98d33e979de21420591bbec81301412065cb4c148a72bf6df83f18a0509ac9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B8P5Q3P3\at[1].js
Filesize
164KB

MD5
f220419a062abe29ddcb1bd855bbe4e3

SHA1
893da3ab1d9a9176c32ac578c58f0e9d80b21222

SHA256
519cdcc8709c5634405948dc31527d293043f84a35bef40908626405c00330e6

SHA512
40b853da1ca7f69bca3f1024cd0957ba04956da82aed96d6c85ed9fa991d3d87cd14c056e34e9ea0e82464f8b9effb508c059254a8d9264dfb999cf28c6a4c48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B8P5Q3P3\cda-tracker.min[1].js
Filesize
797B

MD5
4224409739020ba30e3752c0d1f273d0

SHA1
54980ee9df0ef712048572c80dc8d70710178538

SHA256
a840f2b9595bf4deab839d5eb1ce4b8f7c93576db27a62e7428920825b151f5a

SHA512
1cbf209bfbf939713608be74eb2aaa788d250dacc40349ef10ee50074c62c47d1c0b2ad2d4a88d23a9b81e2059843e2add2f867ea98daef3d7f19b7643765c4b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B8P5Q3P3\mwfmdl2-v3.54[1].woff
Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B8P5Q3P3\space-grotesk-v12-latin-700[1].woff2
Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B8P5Q3P3\wcp-consent[1].js
Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HWM86J9B\alert-promo[1].svg
Filesize
1KB

MD5
b119b49f7f799d680e0ade981c8c36e1

SHA1
b2134ee3d8a4669c4b93225c0b987be0c78b6e6e

SHA256
2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4

SHA512
c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HWM86J9B\open-sans-v34-latin-700[1].woff2
Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\K785JTH4\dotnet.microsoft[1].xml
Filesize
766B

MD5
e6ee9bac1f334601a4a7cd08cebf9c20

SHA1
e04f51f38dbe09c2c69002c960da0394e3fc6a3f

SHA256
f6ddb3cf4181c29da1f5e967502fb342414d5e3f8fc91cac2f081a232ecc31fd

SHA512
2e09dae67099cef136e683c14578a6f331c215f780b3bb953eb3decd4be1cdfe44c400b4edb95905d5f76982c02e56ad5aa7d83fae9a924017abfdf9ddf5970d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\K785JTH4\dotnet.microsoft[1].xml
Filesize
765B

MD5
3cc38f076e9f79bddab4a1de9f15b757

SHA1
608d31f0e776ce7833354831ba958c88fb1991fd

SHA256
8fe3207fab08a3e52bc8f599a49dd8c2e6a9b31315056637094c1a8a6f79fd23

SHA512
e9acf19e66ed6ad16ab6aa1418c27762ef70d9cecaeb758951f515827d5b6b07658897d8cb227bb74247dda28449eeba65de8faf0ac47fdd13f419fd519e7c82

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\K785JTH4\dotnet.microsoft[1].xml
Filesize
841B

MD5
eee38ed9f6582099dccb6a6c38866a56

SHA1
1b8c6f7975d07202f6ce54bfa38424b054806c76

SHA256
952ad315b391c15b244aed885318772aff4418c08e6d4a52f7f34dc3a6c8a48d

SHA512
4f79276be2f5155877b9679d5c1fd4e7f4c8211c6405b1ca4663119efe00c859cfbfc42d4a9ce7b13f65f55d6cb735a3057a8bb5ee22f640c30ccfb6147cca11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\K785JTH4\dotnet.microsoft[1].xml
Filesize
1KB

MD5
eb10c9229148f4deb388d4679cff348b

SHA1
eebe2a983cbac6a264d483406f54c57752e974c3

SHA256
814cb6c0d993a70410bc4219a04b8c7a4129620be25dc3bdef59ddadf468dc79

SHA512
241571107a4125404cddd63ec36f25ef6cf6eeed5c150ec61d62c5f16f4fe69772c32989a200612833c70401a93033b04d6565230dca550f21884fc9564f2639

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
471B

MD5
10e624125a0126f0164eac001e0ed657

SHA1
fe0a8380f781c0db21c7c358540a6979b21f59a9

SHA256
ddf70058cfdf34b1dc5eed1e6ab8b11d9c8a31a794fd93dc07cefd6d721ae9bd

SHA512
d16646c8fda666ed09bce01c8bad703612d09c5b4b0e22ce928277582923afa9d2099045f64bb39f2022dbdc948aec0668d64dc55432d3b0fe7b153e8f7c8091

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C389FD106AACA95B265CC81A85B3522B_CF0A9AE2FF2173C0835A64A39EB71991
Filesize
1KB

MD5
1d76b61ebf78f17fa1ee87fefc7ab434

SHA1
60cad44b6c760743fd28a7cc48c8db7840cd39d2

SHA256
130a59bd27fb5eb5ba52432df4d558b95eea28a6713bcb7068042f9905a9970a

SHA512
3c71573ea94a17bdbf230725782a8ea5b71027e46a4089e6bdf8afcc705fe236334662e61010578e891774efbc262563952d9f8fc08a9b028b703ca43230c692

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
Filesize
471B

MD5
f7775c96ab394fd259c17c2d4959e47e

SHA1
c6cc6e74b1c6ad5fc90741ee50b6c5e788f735bb

SHA256
082d69c7d262adebe38f3e8aac89d6cf04bf33550dc93a4fc4e51ddfe2f54ea0

SHA512
94d8f47d0ad4ad9a805f0ea1ef2b08ec992aad5a46840efce39d01709759df16999eaa651ef215097c38d6b1d47bf11fe87e99dff056069b6f190e4edad77a84

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
Filesize
471B

MD5
883c04624a6303578428056d193db30e

SHA1
5ff112a445474ff6ef84c1ef7f4878ccee7d470e

SHA256
dfbbc01ecd93382e4b46069dc46767aabdf2a9df82cc6b85bf986f6d758ce7d5

SHA512
adcc1f3840bd983b448049eabbe9fe2692861d5ed3733592f1819831b38a403560ac6d0c22b2350bf8df180aa95f68058182895aeeeb46875f0cc3a0b2b3166a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize
471B

MD5
5c70009a8f512b7f16db7cb17ed53977

SHA1
5299400d1582d8f07976af5278302d845a1cce86

SHA256
8c3e59a728cbd1bb851412cec6671a939bb08bb6c119881b5753b152509a0d1f

SHA512
13c97dd90aebd5f00a3d83bfa05a4863645d5ce5f2f6198acf3ab44ea2653cdcc51b68515cbfc4ff7bc90a9c4bb0424be095f7c9095d507a32d1293be60eba63

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
412B

MD5
6045db9a17f89b6c18d6c46a277081f5

SHA1
8e2ec7c6415544a4b12dc20bfb4137e34bdb20b4

SHA256
f4079807234cb89cad051e5640446af3428be0f77de5e1b94ff746373ccb6da9

SHA512
f881022480c68662f27cb063a1c6a543550268bc33c6725667754126c27d6456cdfd641d2f21a0f525557a97efb84345ef0e7ea4e1d5d230794090719070f2e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C389FD106AACA95B265CC81A85B3522B_CF0A9AE2FF2173C0835A64A39EB71991
Filesize
572B

MD5
98a666ba04f2b6eabad119de8ace2d9e

SHA1
1b332b60ea2c2e6dcca1831da92482a370dd1e87

SHA256
e8e5ee8072dbfecd833978ca7bfc8a23872891b5574a5900471070f98e5e97c9

SHA512
82f909bbee701d6f072f30622146583ff9f929863730e6fa5468e493fe1edd80843a40217c79130ce038b552239380152453ce8d876ec77aecfeb05fefbce3ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
Filesize
412B

MD5
148ed4649c471aca670efbb08d55596b

SHA1
9f5d4382a379a6969efecda398adedde4ca9bf07

SHA256
3fbd5205ef494f732e74eb22c6b96fd6b26b60d185cb2413df76ee7bf01061f7

SHA512
f08c181d715262cb7d39224754e10c0c266f9ee861fbc86cfe8eee7fc8046fb567d9e5a15564d264bdb055b60e332fecc0035a4f0d560f995b4e9bf132991ecb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
Filesize
412B

MD5
11a6ff485fcb168d69d1164757f2f886

SHA1
1d22fe89d68d4d755981f952f3dccced4ece0b28

SHA256
51c8cf9636ff34f9d74bef1dfd57e11416ddd5ac7276d02e3ab7b9cb9553018b

SHA512
7d48509b2e8650488abd0a4f0bbf72b2417b6117994df7f02798971d7d8ab5718f92db247020094da8e2cf90bc36f69508c608cbcab0bc6bb06a7264840e5c7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize
412B

MD5
537e1b16370cbcf9f6635d9828487127

SHA1
db0f7f73e6f050bb276066764735abe4af2619a2

SHA256
c237e93ed0e3c2b56e7a93ef246f43b1ededcbde75c44b9d94b0e9b1c71bc872

SHA512
fccdc32efc6ed3c2e6c2131a5e4e278c66aafa5162d90766df0babb66c4c459ded7aa2b910d66b2f00a809921406809761eba0f6971f155e34519a5c7688ffc7

Download Submit
memory/4056-374-0x0000022D2F000000-0x0000022D2F100000-memory.dmp

Filesize
1024KB

Download
memory/4120-61-0x0000024C95DB0000-0x0000024C95DB2000-memory.dmp

Filesize
8KB

Download
memory/4120-134-0x0000024CAC150000-0x0000024CAC152000-memory.dmp

Filesize
8KB

Download
memory/4120-147-0x0000024CAC1D0000-0x0000024CAC1D2000-memory.dmp

Filesize
8KB

Download
memory/4120-142-0x0000024CAC1B0000-0x0000024CAC1B2000-memory.dmp

Filesize
8KB

Download
memory/4120-140-0x0000024CAC1A0000-0x0000024CAC1A2000-memory.dmp

Filesize
8KB

Download
memory/4120-138-0x0000024CAC190000-0x0000024CAC192000-memory.dmp

Filesize
8KB

Download
memory/4120-58-0x0000024C95D80000-0x0000024C95D82000-memory.dmp

Filesize
8KB

Download
memory/4120-176-0x0000024CA7580000-0x0000024CA7582000-memory.dmp

Filesize
8KB

Download
memory/4120-233-0x0000024CADDA0000-0x0000024CADEA0000-memory.dmp

Filesize
1024KB

Download
memory/4120-288-0x0000024CAD360000-0x0000024CAD362000-memory.dmp

Filesize
8KB

Download
memory/4120-132-0x0000024CABBF0000-0x0000024CABBF2000-memory.dmp

Filesize
8KB

Download
memory/4120-193-0x0000024CADCA0000-0x0000024CADDA0000-memory.dmp

Filesize
1024KB

Download
memory/4120-290-0x0000024CAD370000-0x0000024CAD372000-memory.dmp

Filesize
8KB

Download
memory/4120-136-0x0000024CAC170000-0x0000024CAC172000-memory.dmp

Filesize
8KB

Download
memory/4120-287-0x0000024CAD200000-0x0000024CAD220000-memory.dmp

Filesize
128KB

Download
memory/4120-270-0x0000024CAD0C0000-0x0000024CAD0E0000-memory.dmp

Filesize
128KB

Download
memory/4120-63-0x0000024C95DD0000-0x0000024C95DD2000-memory.dmp

Filesize
8KB

Download
memory/4120-271-0x0000024CAD0E0000-0x0000024CAD100000-memory.dmp

Filesize
128KB

Download
memory/4232-332-0x0000021DF4D20000-0x0000021DF4D21000-memory.dmp

Filesize
4KB

Download
memory/4232-331-0x0000021DF4D10000-0x0000021DF4D11000-memory.dmp

Filesize
4KB

Download
memory/4232-0-0x0000021DEE720000-0x0000021DEE730000-memory.dmp

Filesize
64KB

Download
memory/4232-35-0x0000021DEBA70000-0x0000021DEBA72000-memory.dmp

Filesize
8KB

Download
memory/4232-16-0x0000021DEE820000-0x0000021DEE830000-memory.dmp

Filesize
64KB

Download
memory/4516-45-0x00000225C7F80000-0x00000225C8080000-memory.dmp

Filesize
1024KB

Download