hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/7ev3n[.]exe

Resubmissions

07-05-2024 16:28

240507-tyx6ssha59 10

07-05-2024 16:24

240507-twmx2sed5t 10

Analysis

max time kernel
149s
max time network
142s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07-05-2024 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/7ev3n.exe

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c856372d9ba0da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c267692d9ba0da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ac6f1a309ba0da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = c85a37359ba0da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a806482d9ba0da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4c43242d9ba0da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 928595319ba0da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

1020 MicrosoftEdgeCP.exe
1020 MicrosoftEdgeCP.exe
1020 MicrosoftEdgeCP.exe
1020 MicrosoftEdgeCP.exe
1020 MicrosoftEdgeCP.exe
1020 MicrosoftEdgeCP.exe

pid	process
1020	MicrosoftEdgeCP.exe
1020	MicrosoftEdgeCP.exe
1020	MicrosoftEdgeCP.exe
1020	MicrosoftEdgeCP.exe
1020	MicrosoftEdgeCP.exe
1020	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	652	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	652	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	652	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	652	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2248	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2248	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

1388 MicrosoftEdge.exe
1020 MicrosoftEdgeCP.exe
652 MicrosoftEdgeCP.exe
1020 MicrosoftEdgeCP.exe

pid	process
1388	MicrosoftEdge.exe
1020	MicrosoftEdgeCP.exe
652	MicrosoftEdgeCP.exe
1020	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 1020 wrote to memory of 3116	1020	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1020 wrote to memory of 3116	1020	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1020 wrote to memory of 3116	1020	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1020 wrote to memory of 3116	1020	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1020 wrote to memory of 3116	1020	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1020 wrote to memory of 3116	1020	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/7ev3n.exe"
1⤵
PID:2220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2976

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1020

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:652

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3568

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3516

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2248

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0S6VZEZ6\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\7ev3n[1].htm
Filesize
262KB

MD5
6e1813f981d0198f4be125396d4ba532

SHA1
c6e9de3bde075d5e2265f44024796eaa5f368ab4

SHA256
808ad45748cd8c00cba5b559a74e3309dcab7b23c22fd857d45f8930234eb091

SHA512
cbafcab3d780aba4fcbbc6f6a9c32507e91d397941ba2c47bbbd0bb7fa449a9143c533b12e46eabc0b4aac55d757f31f48c0dc3535f12a4187a6ed68fa6862a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\app_assets_modules_github_onfocus_ts-ui_packages_trusted-types-policies_policy_ts-ui_packages-6fe316-d6d20db61005[1].js
Filesize
12KB

MD5
99491bca2c0e8e0ed479fa2984b42bec

SHA1
6c2936643f06e13d8f7bb0d95bfccf94ac38c5b7

SHA256
441b1c7ac47c813050add5866a5fd36b953401bc6d6c55aae3600c0722268cea

SHA512
d6d20db61005abe7eefdf0d2075aeb311ed8325e4b5a48320d1e6c909ef3b0ce78561bc607f0c9bbcefa3bf55ff7b389f55fb182bd5b96f15445aa2f33cd351f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\element-registry-450bd60214bd[1].js
Filesize
44KB

MD5
1c0868eaad7ce97a3ba7ddb92c8e5d1c

SHA1
8280eac4bbae16b7e88f29354143754a8a89ece5

SHA256
7fe33ba37f5cbc6438bc8764e2a46cc4e827bd3cf99f8989e84e6136a9e91cc6

SHA512
450bd60214bd9b9783ebdd8b4004687224d3fedc5ac7e3d9040a59e0e44456cdefb3fb8d8d08cbb3e5e482c6d5a173e0acf799a9589af4277925b6289951b3bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\github-elements-f7fe73c93e30[1].js
Filesize
32KB

MD5
d619e280ef4f7617726a9dd7958d86c3

SHA1
d8206d3e5366e567ada819249fa139e03ad809cb

SHA256
febbc09ee696294bc23fbed4cffcec273e56844741751c1b1db0a7bc3d72e159

SHA512
f7fe73c93e309d12ed04922521e60cdb21f5083ad031ca1079c1f12975b0f173139686970194e7f5bf55408e07d8129aef4ddd7a1dcd8e15dcdec187b02739e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-fd5530-6f4d94175afe[1].js
Filesize
23KB

MD5
b22d2d1692f69b2efa04139855062a18

SHA1
1fc413cb1316a566968350421f21b689ab9f324e

SHA256
534b2326379d82d5f6e037b7e58a83daecba5c1070f575b4cc33a39d782e62d8

SHA512
6f4d94175afebae7662536dc24a486f3787204d4ef13a6ad8c64a30c9eeb5904cedc945e6faa9b7f71a4b65ef37abc422527381a1212cf4991c6b750753421d3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\vendors-node_modules_delegated-events_dist_index_js-node_modules_stacktrace-parser_dist_stack-443cd5-1ba4dbac454f[1].js
Filesize
20KB

MD5
752eb45af6eddfc36e3093b24349e9ce

SHA1
99dbd6a84c7a358a550477fafe89681382e33853

SHA256
7a33dc030df6ffdac087a68957ff32de1c009447a7486be5770f290b37a2091a

SHA512
1ba4dbac454f4d7fcca50f75a5fd12b9591b8a7616a584e46c0a46e71896e69be5d3a5bbf8eb8c2118c3dcde22cb46e2c85cd37166fdb616e0c7318898276c2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\vendors-node_modules_github_catalyst_lib_index_js-node_modules_github_hydro-analytics-client_-4da1df-9de8d527f925[1].js
Filesize
8KB

MD5
e26206a08e0a408cb0ac26b62bc378dc

SHA1
1976478d9d2e3a2b594b383a71b7c18c33abe31e

SHA256
5480f3fc81d2395070c90579a17b32713d017c4d17dc9bad135afe1521976930

SHA512
9de8d527f92555e0c1222d6ed8290f66a7a34b5bbff0ae827b40b85cc2ccbad51b4d097ef269aab806d73059e7ea2afe8321ff19a5e12752441f33f56bfbcfe2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-3959a9-28f0ee9fece0[1].js
Filesize
93KB

MD5
cb396bcbb5420a4a5a8b2ed81247fa05

SHA1
e002f29e59b02e253a6b148d7e8745b87f706c60

SHA256
3d8b79caaa8cb29b4f45cf3b5067a42201aa8c98c828f4a3bdf083f854855fbe

SHA512
28f0ee9fece01a8359a9f506f1ba94db8a58ee2886e0f9a2bafbb8f22a8bc0848978b79d4012f336aecec7fe12719f33d8f93775d1f56c762256fb0a0ab1d022

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b7d8f4-7dc906febe69[1].js
Filesize
18KB

MD5
4d87a5470325fc3adc78598eb62264df

SHA1
9e7c5e4ac32802ba23d14e7c0d989848ccc3132d

SHA256
17339ebba6fc6f421db7fb62286f502727680abe7513bac481c8f50c1a747a10

SHA512
7dc906febe69aa010f9c86c3de40bb23d258c1f06c1be8ea034f605eedbd5399ef5bf9a51566e79f0a8f0639ad4e5f727f4a3c1771c7b03bb6568a8e0606a3d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-c91f4ad18b62[1].js
Filesize
75KB

MD5
8d2fd700b674b265b884566f9e1a68b2

SHA1
b0071dc74ec8602aeb4d4063ace590e7dc26ab6c

SHA256
8d303394176f2b0cb950c35e71caa07a94141a3625c75d8b5da9f42f9a1bd700

SHA512
c91f4ad18b621b1321ca15512f94dfc9b7759ea2d0a150e0d4ec12c62ace6f5d01e60b991f0f1fa523b96ff9e0174e89a5c6496a6df15b61e57f232f2fdae967

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\vendors-node_modules_lit-html_lit-html_js-5b376145beff[1].js
Filesize
15KB

MD5
81628c9093236d8e3cf835f708c30608

SHA1
846b10531dfca6510051fc43abb8f9b5647a0433

SHA256
daf381c316a5988c9116aa65c5816cbc8a958211b4c0b7d989ad6c9645757902

SHA512
5b376145beffca1bfc6b0352c08819609a974b6170848699421208752a63f057869e0e4ddd23797b3a0c281c276d7fae580cf41bb5465c632aee58524b21e7ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4QTUY2JV\vendors-node_modules_morphdom_dist_morphdom-esm_js-node_modules_github_memoize_dist_esm_index_js-05801f7ca718[1].js
Filesize
5KB

MD5
11819c8c15340c7ca8339fcc945a4f06

SHA1
5fb0a03295e008aec0a1abc786b9e8bdaa3a233e

SHA256
7bb4cf0c86c218c29466a022a4c087e72ae5cfbcc0307a67c9a5af2a0ec2a521

SHA512
05801f7ca718d5ffd9e34ed99b557c1e8c624eb6263e0eb4f94e6fe32c4a1b1c1663419d89594358471edabd80a15f1143200b4150051e99377b988dba7d7389

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\code-111be5e4092d[1].css
Filesize
30KB

MD5
7cb9080aa576934b53486d3746529970

SHA1
cb9ad049ca59d0dc0095470fddb2bda8798211cd

SHA256
9850beb3ebe2c31da0ece9d1a823e5e7d26983626c6e2acf4210d33abf6660c9

SHA512
111be5e4092d831d8e068ff4b6d2be94cbccb5bf92adc549a6c2506c4712ac177d15a61b56bce1919a2bdf9bb66d4a24b805db3aaddeb86823912d1df805f2fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\dark-1ee85695b584[1].css
Filesize
46KB

MD5
2f1124986d7087c89cfedbab9e6c5090

SHA1
84af5865a920d527c436719c2b00d9860e68f07e

SHA256
6e28388875a179d32b9788d45aba0cf5901513106aabc738c6f290643505b007

SHA512
1ee85695b5847734f481c143211fe9d590a987f2b56b1772664b7a529455bf19592bcfbeffc4281ed1b6679299244d40112203438e6275271a67c4bf1181fe14

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\github-da273831c5c7[1].css
Filesize
116KB

MD5
f4f87abbe39463400f46a3016bd5da00

SHA1
9bc23e150c916f2bbbc133dbc6a15beecfb5f49c

SHA256
9b77befa3cbcd0106264eb0ac7d7af6b4d76575d0059056acde6cae8e32b8e55

SHA512
da273831c5c72a289399d0479f9a522948107902847c63de6e6694f1f941cac0e53204bbb5b1be8b2d34f499e098dbfce7dfb0fb268df228565d5438f0ed8525

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\global-32f8814d2265[1].css
Filesize
271KB

MD5
00d1d6030c3137ab61996a9e4d434d25

SHA1
7525927624fdeb32dc3625d5bcb25af3719a6361

SHA256
9a1be51fd48f841577fe04fedc16ac5466fa711931d9225d3fd1790aed94ce8e

SHA512
32f8814d2265e3d92e19f05b00b9d75f7d55e1a73a58f7a80eb4ffd72bd422e003a0cdbf1d8fab166a0f5eefbb1769edd1a0b372b0194a3dab30c2ba07ef2022

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\primer-241a089e9a0a[1].css
Filesize
329KB

MD5
7724d1ccfa7c579a5d0a990f0a2890a4

SHA1
fca59b4308d3e605c15d15d59074cb7db9ab7424

SHA256
adb9d3f465f5fd590c46320bbf586d0b49ee0b71dbeb2c5650462bf902faab66

SHA512
241a089e9a0a69930256aaeea146aa41b9125aa848db3d4cf5d392eab2d861b4c52250f4998323358d00a19b70bd2393a3d5990b7676c5e37e5ce92b34d25448

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\primer-primitives-0b5bee5c70e9[1].css
Filesize
8KB

MD5
4a501b962a497016dc70c7dc3f95f859

SHA1
7d50b4e6274c503021751982621678afed30ae6e

SHA256
8a9ace6d9250dd653522dd94b426d1617df95fdfd86264beaccefa22c78fc7d0

SHA512
0b5bee5c70e933f062d7773a200472973456db928fb6dfa0c9bf0ded60b04e4b0100ada3f4234193aca992acd72d196f5b5f458fa4b51636b6bfe9be16c8f191

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\repository-33a7c32c5a6c[1].css
Filesize
27KB

MD5
ffa5bf408e1ef714eb0ae0706912050f

SHA1
32b43ceb1dc5435a62096784eb75bfab75cfdf27

SHA256
631690b4f165e4725301cd06d915e6b9ea4cb44606e44c4fb4ad31877063aeea

SHA512
33a7c32c5a6c0f921f24f658a5d8e23511f3e643530be773f0e6dc1b3d400c45170e4052306f25b5790d43f4368eeb55583f0e113193042f734a61c6a51ee3de

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_details-d-ed9a97-3fb8ce186301[1].js
Filesize
17KB

MD5
b9c6b5b35090e8d9a543a541f995e7f4

SHA1
fccf971af350d8e0889fdd962c6bf9e78bfeb592

SHA256
f55a45d50d1823eab95a5f90b848dad745c38ba3d6cd0e7b8feb334e4f44e8b9

SHA512
3fb8ce18630108357e935bc781fcb7ccab2de38eea788ef38f90ff4936c7a573eb01ed25212ca29e3fdb3e3b8d3ccdb6aa38acea554f2e89df0b0aee30e59acb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4TCZ1QO\vendors-node_modules_github_text-expander-element_dist_index_js-8a621df59e80[1].js
Filesize
11KB

MD5
da04614ae380b68c111984f401413fc7

SHA1
7ca0dc023ca0b1654d7c8630b8a05534e156d03d

SHA256
85fa448f4d60be73de2f42a83937523b7b751a4523b809fe9e3edb404e00b835

SHA512
8a621df59e80e8851a8cf3db03462095e8bba43a860b1018dc66780448e82d19871be99aab995fa57025db8b7f8e975eb0595fe2c59ca23d984b4d21d5031aaa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\environment-5555c6700ada[1].js
Filesize
12KB

MD5
f77438b6bdf11c585fcb4ecdab963147

SHA1
60e03b4c3bd0df3e28cf14ff5b741c706c6fdf33

SHA256
0c80ab86cb025561147d8c0e3ad8723276a97305913d678acc8cdf96ee513056

SHA512
5555c6700ada958ab8b6e9eece6ba4ea7288f606c2422cf50861012ea254e3321ea76196572d6285444ae2f1776c61509c04042020f4da71b1ac913d7d3982b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\vendors-node_modules_dompurify_dist_purify_js-13ee51630182[1].js
Filesize
20KB

MD5
2e4dc91ea1bea153c73307a42db02ea4

SHA1
c1a8652552b884fd87324b7f66b4423fc50a2bf7

SHA256
e5946343506fc6104aacd3346e8a3a8c5e7b434e8ce9e84525585d7e80a18fa4

SHA512
13ee516301828fb703a5ef99bc618183a3c4e293d85aca9ceb63f941b5b99ccfa68a41e413f5a69716b38cd6b7592d243665a6c5843d7b6e5261a96e59720077

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749[1].js
Filesize
18KB

MD5
1908a7d9985e9540b3f6fc047f62b729

SHA1
25a06882e338da16bbc59797925ac6086141f478

SHA256
1b92b8a1d5169e64edce1fb248cb5989561060b083e5f05b6ca2a823b748a946

SHA512
bc8f02b96749a7ec00a92334c4964a4255611b23e15b88a9fef73fce2b55e32bfefa7f4bb89d436685a92fe188713790b9154ed79b5d7b3690a3ace68346cadf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\vendors-node_modules_github_relative-time-element_dist_index_js-c76945c5961a[1].js
Filesize
14KB

MD5
2cabd818fb8745b2fc7d5f92594269b8

SHA1
88108fecb3839f06671c2a21e35163e0e414b2b0

SHA256
55cdbee6ddce98f5c299a24fb9851501f46ff0cdd2ef3b2f7bb572a3940b462d

SHA512
c76945c5961a4f5b2cb1f85bd3cbb35d5e81f611c3ba05543acfe870728e94e9719c9331b65f4c2c8723960c5ac1e9cac0495a892f049b41ed3ffbe899b93700

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c[1].js
Filesize
9KB

MD5
683a7fe431bded8fbbf7b5189a1b8209

SHA1
2fb527473877ea06ec6b023690ce933c216c5d07

SHA256
f87c5b59b8f353c8762f2e44e1f82feafab882a96a0fad135dc6fc1555872ab3

SHA512
9f960d9b217c457d467a9510dd9797c4ec9df9a892c0a3e1746b2b87dca8ec191dc901e983bc509bc282004967b6fd588dbff5bf70bc7e20a5ca32bc7f1d772a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-7bd350d761f4[1].js
Filesize
9KB

MD5
b6b600c9f1dd4c88024d62e6ff2eb871

SHA1
5a22091378af6a681a1edd36e5337b9b6f70613c

SHA256
447a26cbcbced255f24f46c1e82a6f3a4de3b2a44d4b0ab7b6f427b12f783f8f

SHA512
7bd350d761f4f22866b454b1271af79ef5d23f5d1b8cb0598c34f739e3dab977450d61d01b8a0c135fff309389f712c0114e9cd6e844d2261d2536377b71b838

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-086f7a27bac0[1].js
Filesize
8KB

MD5
6822816845d932c1e93f68372f005918

SHA1
1dd14a539530e8d131ce29be5e5f84e4098b6a15

SHA256
14d338ed3345cc8d74e239c812aa37eeee6126bc1ad8a17e4e2cf6ba8ee0adee

SHA512
086f7a27bac0d285f5e0c849cebac7176f86edb18037d8ec4356c2b8892fd3f47e045f857eb673b213661eea17441192cdb7a76c807c2badcecff6b7901aba92

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\vendors-node_modules_smoothscroll-polyfill_dist_smoothscroll_js-node_modules_stacktrace-parse-a448e4-bb5415637fe0[1].js
Filesize
13KB

MD5
331e44e17e9ff14023510b990053a71a

SHA1
096363b6e8794bbd45a352d3cc8cfc4946b832b2

SHA256
7db9b2cf77bda551dc5b202710a2ebccc88a74f6d807a8eaf19d3624befba34c

SHA512
bb5415637fe067dfd3bba724d1e3ec440d342feaef6d42226cad26c535dab05ed798c92b46104b1cc843345e11d3e40a72a051c7730438fc2ea59abad6b2b26a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HPMU25CS\wp-runtime-cbf820ed770f[1].js
Filesize
41KB

MD5
cf8bb99e98db30153798b3eb4be1912e

SHA1
0c2bdd28cd5f9efe194136dcb93316ff931a5715

SHA256
1674f67fc740884ddc67a1fe564b635200feb6ba3c7792ebd83d05f398ba03e0

SHA512
cbf820ed770f045bfa80ac3b2d2695fc77fa3ee950b07cea7a3fb3f2f573effa8fd73cf49bac90007a014a299d8d6c2b3188c40847b5aa1e11cf3d23dfae1195

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQ0DVTHJ\light-f13f84a2af0d[1].css
Filesize
46KB

MD5
deca261177994c06974b8eed93ab0d5a

SHA1
6df91477da6dcfd0ccbf51fc39f2f31f03acd8fc

SHA256
7dfb4dd6d5448e12ce18a0c186a890f6b9e4550e9e160e83fefcaacdf6decd9e

SHA512
f13f84a2af0df501d75659ef3682b9991894b860be2045d686b276698831c211d69a7df233fa82880f83c633226187e5c4fbfaca2a9983fc0b52454f78fece98

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XJGLV5VF.cookie
Filesize
166B

MD5
e2efb5501d81bacc006e5f27ef78ba1d

SHA1
1f1b0db7997b76cd135c5df78882d7633eeaf312

SHA256
df6dd711ca99ec8a74d03a632dd3d2a334d626ac09ae9c5d35e3dd86434e3099

SHA512
814f291c63b85964f4511e9e17276333da09581c51bbe63e7566d43c78c02a981a4be39829f812a9b83b8d2ae1823bd5444a6574938de15182d0aa5bc0d1c150

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C
Filesize
281B

MD5
d82d94a395d6576f059d9679a4ff301d

SHA1
f36a83281466d3376668d84f22fba877b79e21a4

SHA256
c2f71395fcf6c51c615fba1120dbe728dee39ceac9b81faf76279ff9c9aa58a6

SHA512
1ac01ac73a2a7aebf5f58016eb2883db2569a60af4977905b312225b3a951f6fe06ae18d98ee2dd2fc4286d268d0447bac0c37df6eec8f4eb36816fc1b72bd12

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
1KB

MD5
80840bec0300c2749b5eb7113919a5d8

SHA1
353b9e4642ec52157a663c2799fe2b502abc6200

SHA256
19fa66bc083d56765964329291f9c6591abd931f41944589172348d35615e798

SHA512
d6c317a56014d32881c670c701d4849912d92ab7d0158689d2a9d89b78afaa98901d95e83856acb1fac677d6358001d85cb5c444e95db8211e0e34e5b6343511

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
978B

MD5
068bffb1bcc37658e15e70c2abb29bd1

SHA1
bab14b4d02fd24c6f5eeffd2050e8f632f08cf93

SHA256
3be8156cba861e9ccb47101114c12f88477189d0ab5432ea131d7d5cb509e186

SHA512
30e697270f8dd85ebd0b1e2024f3d5ee96d38aea48def5df92e38ea745a414f92918ffe11c435eceace6db3f6c59d7653c160204dc69b73deaf10d8fb064f2e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C
Filesize
480B

MD5
bf9d6dce24c44fef9e8939f8a28f2694

SHA1
58fdd091cf4220ce943d891f5208a96f7e133dae

SHA256
0c242bc5b4ee39882445cb29ea5fd4816e4952ae227fd95b0e6d297244df4fb2

SHA512
1c19e09c1df771f6c7a7904b614045a7714330b34936602464d114ea143fcd10c7397f6c3e5e561d8fa9d321cf6fd5a201b68f320b8151e0e9ba4b4feb1d65a7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
482B

MD5
7f41f07169b0d748c165d292bdd05b0e

SHA1
a56db3e9dbabf921b8d50125fa75619750b7ea90

SHA256
926c8c0f8a50d6c0b5c8de1e197fe2de30054f6583f1c8160cb11d096afc3267

SHA512
a5ceba227edc37d7c5624ad3c4649cad04e54533765c991deef5e3f46dc6173c08d1ce869b704fece448ae6b7f839f085522991ed27772630bef57ad66c4b4a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
480B

MD5
4f7ba0d2e7881edcab2f5a6236926008

SHA1
b7e9ee5a432dff64f2bb2dd285c0eee9f93cc7c1

SHA256
86d2154b37cfb86b5e3c6a4a62eccf6eabfd6e1bf7512c432e8eb9be8a1f5bf0

SHA512
5b970813b600ed88f21065f6b73d604aee2e9e61117807535c677f012fcc20857a57c08a8cde1a6af4b0712ec958f9c8e35ea442ff9933899dea0220ca5b481c

Download Submit
memory/652-44-0x00000205ACB80000-0x00000205ACC80000-memory.dmp

Filesize
1024KB

Download
memory/1388-16-0x000001F281E00000-0x000001F281E10000-memory.dmp

Filesize
64KB

Download
memory/1388-0-0x000001F281D00000-0x000001F281D10000-memory.dmp

Filesize
64KB

Download
memory/1388-239-0x000001F28A4A0000-0x000001F28A4A1000-memory.dmp

Filesize
4KB

Download
memory/1388-240-0x000001F28A4B0000-0x000001F28A4B1000-memory.dmp

Filesize
4KB

Download
memory/1388-35-0x000001F286060000-0x000001F286062000-memory.dmp

Filesize
8KB

Download
memory/3116-213-0x00000221C8A10000-0x00000221C8A12000-memory.dmp

Filesize
8KB

Download
memory/3116-215-0x00000221C8A30000-0x00000221C8A32000-memory.dmp

Filesize
8KB

Download
memory/3116-223-0x00000221D92B0000-0x00000221D92B2000-memory.dmp

Filesize
8KB

Download
memory/3116-221-0x00000221D9290000-0x00000221D9292000-memory.dmp

Filesize
8KB

Download
memory/3116-219-0x00000221D91D0000-0x00000221D91D2000-memory.dmp

Filesize
8KB

Download
memory/3116-217-0x00000221D91B0000-0x00000221D91B2000-memory.dmp

Filesize
8KB

Download
memory/3116-209-0x00000221C8A80000-0x00000221C8B80000-memory.dmp

Filesize
1024KB

Download
memory/3116-208-0x00000221C8A80000-0x00000221C8B80000-memory.dmp

Filesize
1024KB

Download
memory/3516-184-0x000002D9D8710000-0x000002D9D8810000-memory.dmp

Filesize
1024KB

Download
memory/3568-65-0x000001F9A6D00000-0x000001F9A6E00000-memory.dmp

Filesize
1024KB

Download