hxxps://0x00sec[.]org/t/how-to-rob-a-casino/40556

Analysis

max time kernel
299s
max time network
300s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22-05-2024 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://0x00sec.org/t/how-to-rob-a-casino/40556

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdgeCP.exebrowser_broker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. = 01000000d25778064c5f87ebc4f4c7502f306d09328a38752058d543615a72e8a70ff1b5dabb631537536f712ab991370f543954e8c5d91ac330db7f1b91	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 65af544806acda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9f5f194506acda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-0876022 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{1F34AAAB-F12D-443C-B80E-26DBBF5779F4} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 8 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	process
4268	MicrosoftEdgeCP.exe
4268	MicrosoftEdgeCP.exe
4268	MicrosoftEdgeCP.exe
4268	MicrosoftEdgeCP.exe
4268	MicrosoftEdgeCP.exe
4268	MicrosoftEdgeCP.exe
4268	MicrosoftEdgeCP.exe
4268	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	3652	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3652	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3652	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3652	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

4252 MicrosoftEdge.exe
4268 MicrosoftEdgeCP.exe
3652 MicrosoftEdgeCP.exe
4268 MicrosoftEdgeCP.exe

pid	process
4252	MicrosoftEdge.exe
4268	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
4268	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 4268 wrote to memory of 4360	4268	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4268 wrote to memory of 4360	4268	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4268 wrote to memory of 4360	4268	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4268 wrote to memory of 4360	4268	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4268 wrote to memory of 4360	4268	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4268 wrote to memory of 4360	4268	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://0x00sec.org/t/how-to-rob-a-casino/40556"
1⤵
PID:3968

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4252

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:428

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4268

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3652

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2712

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:504

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7BUKSPQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\7PLS22MT\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\440fd21108f5ba9e5dfe06cca9fc842569d5a874[1].js

Filesize
367B

MD5
3b6383a60ac05d059fdbe6a64d4ef3f8

SHA1
f1642f2595c69d7c442e4525f40c4c2b94a8150f

SHA256
e819762553d01d7caa2a4f029b164dae8f80c84b499230d68772bea9592d157e

SHA512
22684c794777a7a1e2cc9d30c790b8a800ef78cc3824451d81ca9f483a91546f760549179c22d4bedb8ce6aed9c0498d417dc6b8a31742a43f756e2d20a53c94

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\chat-decc6e06981cda2b5913fa005b61b46f84c985afbf50be95772681ef1698183f[1].js

Filesize
784KB

MD5
9d2a5843caf27d3ceeee7ffaf7163e70

SHA1
d2f213c425eb979283798c16a5b936c9cf8d0957

SHA256
4fef238d1cc485afa3f53aae51aced38a13054654fbe7044fff331bef0b6a14f

SHA512
e0bb011cd977264763846c2fae44b65177ec1c81f09436662311e0069ce1e2ba7f715dc03caedfb3d26359383981d3a1db316c12d943755cf92ade9f9d54cc60

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\chat_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
103KB

MD5
f80802c13e40d86a3961de78491937ff

SHA1
4c149e556925c7b31e1105f326cee15258bad165

SHA256
f2bdcf25b388272fd02351c686e1b7f4a755b662616d629a7e3b880d8cd364fa

SHA512
6986b11fb2a7a571df175a036710358f094badc96716b1337d3efa8965c7937d2acab062c89ba889a343bb7de8b5ac6461bbacdbdc3f6ee11c524d11a145f2e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\chat_desktop_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
6KB

MD5
4276d4d2aec5efe918fa51ea4fdb276c

SHA1
75090860cc22cfd2ca9f04a9239d4b8c0ccddd1c

SHA256
2287cbb0cd4a58852c2ffb570b0c6fa37d0f1a5799b6220beff40cf1492e1219

SHA512
2f1b781da4f0dd0dd17137ec9e57c3a74cbb9fc6fdcc6293efb22e7772e26c3bf79d6c96952b14706be3c56ff5f9310f4f0fe9e7b196053237677111da8316ae

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\chunk.703.6e7f5d748100a405901d-ec1f17a5bb4db1ffa0dbfa23af9218c47baf44dbaa8429f794165caceff937da[1].js

Filesize
328KB

MD5
4a8421aff4c141fbe9255bd30076795f

SHA1
89b83c8748127bc2a06aebbd2831ea6ecea63398

SHA256
6308dcc7ea63073ebd716129bee4808774383c35f134940c11060aa03fba79e2

SHA512
beed8b7efa92cdb97422e641a8b48e468b6bc488c684b5c789d6c5554cae4af14f0751385aa319a1ebdf395ee5cac04e8775597bef4bc4a3a9d6290fb173875c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\color_definitions_0x00sec-v2_15_57_a5ef387651921c3e4c7aa1108536015ba8299efb[1].css

Filesize
3KB

MD5
837b4d31da9e4b2211ec7c4edc896530

SHA1
4346258a8a994e9b856d7314f6ef6635f67cadcf

SHA256
2d934539d53626b35931973fa8246d79b5c099458f20eab5719eee8e0d082056

SHA512
0cf4701e4ab8b85ad7c7286ba03b956be4b14357d4f9607091bd4fbc89a80589a9160d37e0b8b10ebe01f37b30fd9bbee499007504c66734b9c1efd87225ae4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\desktop_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
510KB

MD5
76681c0443ec585be682cc8e92006ee6

SHA1
8d2a9686b57eb6269a69ed21dff045c0c42f2ac1

SHA256
ddb496d2b3e4fc0b1a4b0e9179fba834bb5563e9262528a3a23d95366a59a6f4

SHA512
93d9e5860373397bfbe79351f87124c5f33d0514f0e07c89887f0a998601e72ce526091e90ea1e73755349e5613d42995055becb38bf4836b7e789cecdc86b9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-64fedc7cd2fa993b5655a924bd960dffe88814dbfd60e9f4eac5a7265ecaa3a2[1].js

Filesize
3.4MB

MD5
ebf9a9e6f4428bc1868aa337ca0dd29d

SHA1
636001ce18a874f8a6555471ef6cff45d48db4fc

SHA256
4e0c327f1db99599158b2aa5552824eac07cecdc3e1e26fa5114b0c1d1d1d8e8

SHA512
92352461297b022f54dd751f7e14a71497659119fe1cfc60cf76a1248d7a005def0ee3b99805476ef1a3a7c049ee2b8bed9568e4597f68102fb09a880951a951

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-details-4cc313dcbef7c2a43d82c8d9cd301ad2bedc79dcb8f31645e1dd0a8b626ba7f3[1].js

Filesize
1KB

MD5
7cda554ad7a11b25f8a4f031b0a329c3

SHA1
35a8bce95212dbc6594f8afc2275f4911df8efb1

SHA256
c8ddcb194251f36b7660847c80f6e79ca6312f43d567318661fa348d6cf4bac2

SHA512
90abad394af2dbfe5f977e9dda005287fae0a295adb82ee64dac5d4f91df1f1e63bc12ce7cbb1ad3a2673760067490f95e1d0b4dd04c443116422607e7230ad1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-details_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
944B

MD5
5db857a9b5bcb114fa33bfee997f4a44

SHA1
bac0dbbaf62e279e7d5d602a9b941aecedc217e6

SHA256
ebbf9f45b9f010a1ccc44c17a8d8d92c522981b2f80100dbf49e623d1d70ded9

SHA512
faec78d88b1849c097b02d020d2aa5fed958ccdb24ef156a3f4344cde6f9a66bee091f6e2f8f44abe992b5f574f1476573f3e675cdf0107c6582897d8a7a33b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-lazy-videos-a086289df0c760480a1ed07b2f2c53a9537a2d2c4fa3dc4184a6177675cfc06a[1].js

Filesize
6KB

MD5
59d994090a0addaf95ce624baa30c962

SHA1
31636c6874267b562bf9548dd82850b6989e7f86

SHA256
a8fd19baeb32eda1192dd37cbf0e2ea0f9752791f987b7100354ae5e2a02a461

SHA512
a3652a20f7eba2d868f2684528ef89db183dd102775f0321f2108256dc7cffa6a4b32df611da7dd15efb8976ca16caad9ae7aeb1bbb24ddae7b3029a447fc29e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-lazy-videos_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
8KB

MD5
5e2eac6478799fd73800cf789054557a

SHA1
0311c906a85a00ce49568b7d10af883bf9b36bd3

SHA256
caf7d5d77f867bdff7e769ba01d6d3af877f9960ffb800ea1dc0dccd2c636d00

SHA512
36ab39e4940ab53ac7984fd4a313ec11f29a5cdb412cfc6c7987765772ac67f8d80a0f42d6da4bae48afea471e0c82d2a6403cd8e6ad2159e682c8b6a75b544f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-local-dates-e3ba622ea7a76e4f7c1405c8ca99bf4bc6414933d835ca7553eb7e3a0ae6f0f2[1].js

Filesize
34KB

MD5
285dad2dda8371d5dc4e2b7e48081504

SHA1
1a911e120c0feb0eae411d16569c511b05548f24

SHA256
0866a23f9cd7e1c57c03b3eac59c3f5a338096b06c90f584608f4cd5e42a4086

SHA512
897b243f9b65501da80442912ca070408824413cb97ebf2f619529a4f1bbb3c9b9ae2d8ba116e4e654b190bd5cbc2f5af4e23f8d515c21697b1df8899c7b0eaf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-local-dates_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
7KB

MD5
77c413e8458e2821b29249afb66dfa27

SHA1
1b5b0313abc7b886c82f9078e40a5b843463f04a

SHA256
53b0be8de4fd9962bebe03f2ca02b59f8f0a466cf8cc0baf1167fc1ef6e73214

SHA512
f469912e932722ff1a9c3c1b20beacaaf6d2fb34a2f2f3f93e6a028e09b40d6ad870a74f22e170c8bbf8aad2d9dbe40d29f06aff00f50a46dac6dcbeeda2059d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-narrative-bot-4cf85d81804acc076fc2f587e4b1474e55808ac24ab19217564f0fa8d3271c99[1].js

Filesize
1KB

MD5
5e7bd9d2d8aee293a6e1af816fc56a91

SHA1
b687d8ab80aa8d93201158aaf3ac2cee4b62584a

SHA256
58d61a3ded0b47eba3fd448e88774279f43cda67bc32d6c224aa3e7e57037816

SHA512
b339b707d29b109a9983afbfb4694f2015f7fbee28150ebb4179b4fe489b70d5231c8034b7c7d8b1f6b04727b0a924376665852793ad98d23861d4d7a29fa95b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-narrative-bot_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
54B

MD5
e05041538ba8b33881967df8f5bd427c

SHA1
bf0ec79b1807e6030d6d16f154a84a940e7e8eaa

SHA256
fb295aebead69f74d13d9dc394a9ff9ffa548e835c3f266fc0554107c872810e

SHA512
772a56ad1f6bf1dee858f9bfce5b0d849da9cde73acf9b7a6b503419a7db4ce90b72b6de7b4ff85421b38836fcc340ac14a3af8492bacd21e2034c4b4e591e58

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-presence-b513ec991a9367e0f43d204ecf5f3904f768e64ae360624b7a09df28f967fb1e[1].js

Filesize
10KB

MD5
5c54643d7fc650fe0c768092027d9f19

SHA1
8dabae854d642b36bd8464aff6e78db32ed1e45d

SHA256
a7be813f9868e770a033cff159fd006ce0e59ae17f5c2dda746dffca7a8e59b1

SHA512
ce5db2e05c4127fe032ccb848cad95aea3db5979b7af8c3670f895483defad4df4a5ec987714be419572d8dd541d8c80525c009186ccad626d1f9912e8505914

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-presence_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
1KB

MD5
d182313d3c9375487cb9151aa9b64d6f

SHA1
4e296af539b71249cc787eadbff07987e42058b7

SHA256
bfd02afe01c878e4aebf4ab6c9ceab72a21cb1dec202ad59740c531cb5cc35d9

SHA512
9462c0655ee16ee6af2665f0372cc1b36c78392f3da77c8ac95a7eb527ae17d60f68f88901f348703f2a36fd0995ba39677c835171d14b3aa13aa18576292e48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-spoiler-alert-220d9ab271dbb2479455f1d706b09d67c13007618a43fe385a50af524116fe92[1].js

Filesize
3KB

MD5
5368181220aca12947ef19e5cde8fcd7

SHA1
2bc28c1b190e96c90557ed3ac8931e0f63f90b15

SHA256
77f65c2f8fc2ad80ea8c4a2831fbc1638480cb1be1364f1cb4791163276e0a98

SHA512
213bb1c74f708e214b28612c349427fd7084fa5822084cbc4fa9884318bfe9838ad07435c3c29332a20a81af2e69c113346b1448ac5b0a3ec0feb395ca1ef41b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\discourse-spoiler-alert_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
940B

MD5
19f9653f458acee74a9cec3e48c00dde

SHA1
0ac3d85d7bade62a1ae6bacd78658a917a0ecce4

SHA256
92c107e49964bff47f25e42d0b0ce999bc77f94acc10dd0006a9b10483accf16

SHA512
feaa1f11581abf10c1e6dee65b33e7158eda801aace3bfd34ff89b5c26191d0460f8baddefc48b60b8df3216c57941feb621ff2035811d72bfabc48f6464673e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\docker_manager_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
2KB

MD5
1f8bb61ab96289c5b9b89641be54076a

SHA1
8d4424a0eefc43e9d423799633ae6f78af7f3c69

SHA256
5ae495725a963602c9c32a6ad22dce9517a5343dec216b90195c79d5093945b4

SHA512
ee7920f9a3dd8ba07ad15483ac68a73179b3495ba6b7abd92c0286ec81e6d75a9ddce7e66a42a4822ab27525fe3c2a79cbef20a326d195f21a9927f67a50e4ce

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\docker_manager_admin-e2760c422f99dfc8a2340bc92e3861d2f86b5e6c2240e48c634218bd27ca7ecf[1].js

Filesize
36KB

MD5
e46e26a9ac3f25749dd6d438ae7b94a1

SHA1
c83794dd7918248c3712a68cd6f5774f0343c9bc

SHA256
227a04aa9fe928e7b148714b632e22a33267da50f1cfb5701902e0ba6541582e

SHA512
79a44a62181b794f6d215e86011bed975b4ea3d0992af9b0c17e970f168461639d69f636368b0262f4ac7c90cc3605298fc4a93d022fb8ef5c8cb03f97757452

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\poll-e0853168feaa56847afd9b32b2bfece111915605b8bbd82e3a895cc9d11e031f[1].js

Filesize
63KB

MD5
7701ca1101539f98aed36c0ac62a7eba

SHA1
071ac76c88280bfa752f1df7d7810dcf746073b6

SHA256
4288070ffd8c37510acc91b885ff0dd5fa137ab01402ac3affdb04241d5e6873

SHA512
12a6f5164331d55f9aab0cf7f4ebd06a5395437194a0b831cd5be70f618da0da9cbc68139b498c2f9ec66ae680b7464101b5f10c3c95823a6e7732d89e4917fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\poll_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
9KB

MD5
ac6c531284833682bc6e4f45f4fda8b9

SHA1
e46f75ed367d37d0700cb0deb6bd733805d3822e

SHA256
b057a9943dc6d77d1c95f85aba44d7520f5f2ebb857fea4b2ca2db460c6e50f5

SHA512
a06492464117d30ce2c8e3c13fa8de899b05b82854bf862fc9086d343484d9941faed7fb3fe147ae795ee1c6ae3576576ea522ba21cedccf32f51f3012a737c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5LWPE8UN\vendor-91d760b3108ae149d4b238c442ad44b9a2a581a7856958903d65bdcad303d4ff[1].js

Filesize
1.1MB

MD5
6a03bfc83ad143bbf3e345a4e98140b6

SHA1
5f808777a43718ef341d96a2827575b030052571

SHA256
60a1ec2ee47e62b0a1b30cea5bfb19a5851d409625af2500b507fce95792f3dc

SHA512
93a555fc83d18b61ba47b3e8f0bbb872755ad8ac9b3bedb62189c1c970ea39f8a11449fd15b3c1f46285139cc7e9a1f0f55251a2ff8fefbf2c9013cf3495b010

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ER2IFQ2K\desktop_theme_46_f36ade55bf80933494fe3b5fab518f477de3bd4e[1].css

Filesize
1KB

MD5
cacdc0b3afcbdcb402dce85df9298104

SHA1
f6eda4c8f168f28cf67a2def964e74b98bf1fdb5

SHA256
3d94deb9689e928b55509367f971c47ed63f3160c4f18591e45e0f31f44d61f5

SHA512
a63744a495032c96caf57b4a2ce80c74f43becc900ea3f0bef3967baa6eabacba372819e2b4aebd7a64e25eb911ea3095d44c527fb9f4165ee15995f237c7b9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ER2IFQ2K\desktop_theme_57_8c0e890a61cdb4c5833a9f9c96664ed164e7d645[1].css

Filesize
64B

MD5
3d0d412621f8924f8062051aa96fc75c

SHA1
b66c6a41c33458eee09e15bf1127417a4ff385eb

SHA256
6e0ce014775c3215906f0b80f8a3c96d5197a04cd89deb7ca9a5dcb63faec1cd

SHA512
b3f2158741eb8b4bc71215383a6db5650e5fee72debf3097a0aff6a984294badce2407ccc9add9895bd91b047be934f64dd9f07d3db3dc6f55f553b5d082a9fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ER2IFQ2K\poll_desktop_87cd179c68f77a1d2535709c09116ecd05093b39[1].css

Filesize
505B

MD5
6b8450c6079ba3023bbdaef4fb6280a4

SHA1
90f7c04846ce8488882a8339d8efcefb39075369

SHA256
f1ed8efad59f6c17a638e52383cc5a7b2f7f2753f076587608daf983ec759d5d

SHA512
4c533d64de33799338b37877ac9d2882949fbf98ec8ef1f0e11794db1c45708db30a9fab6391b00c7d8a4b8d480a66168ecfa9419b708e456dbfb9d599cbb3a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OXRAE06T\browser-detect-c399db69e034d820ef38e57658e3cdb88a8fc465a37ce264136dafa217a5525c[1].js

Filesize
463B

MD5
4d5506cef8979a8b4339de4a89d6f02e

SHA1
1acf2b7d8c844fae1ea538094878f56dcd902db5

SHA256
1f14f4e7ecb1852b55f31955819b70d465162d9fa291a72d63c8c46965df70d3

SHA512
60436621d21932c3a56f419a5bbacc437ab35002bf5694984a4bc0c381f8bab90be63595e1ab0daa11d2cd07b42146b28c7ef6fce61b21b48ee165d7f681764e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OXRAE06T\browser-update-6b7b897b96bd83d8e5ed48d31f4871dc0b3225f920b75e6bcd83a357a4400291[1].js

Filesize
1KB

MD5
95968cc734fc678985a8adc7d2c6b594

SHA1
eb434eac685310c46922e3ee8d016eb32685b162

SHA256
5a3746f1501face8f03ad3eab8cc17801d7281b366ac90e6a6e2f06d5de6c711

SHA512
e42d1d7a28977fe71a82154429755caccfcfda2cc9a7142f0f1bac99759b7eda543a0560b9328c698c9938eaa391a54bc964432b1fa24319b1355015498d4401

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OXRAE06T\start-discourse-f3056e616a73a8dd97138fb95ba66f99895cb7fc4abda0de35c91bef09cf40f2[1].js

Filesize
552B

MD5
03ee133f92e9718818c1353575d74b11

SHA1
dbe30bb348d87f2bbf9d5e8a35c851da33aa6382

SHA256
e12789bf31f3806d57f33bc680e41778a9a4925faa0d81cfcaa85876c95b4616

SHA512
5b7f0e9d1d83521e21bfc56e234e219dd2bd408d0f25aeb7f95093d8b17283f89189c80139cdd44ed1184417744441b74c4caecede613ec0331ded115992e109

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YAMNA6LF\3.0[1].js

Filesize
2KB

MD5
1a3be845085b8d94a2997a3a472feb42

SHA1
bca8b08e62be2f0cb66455ac325dc560987dd455

SHA256
6f0ad9f3ff31904d6a4962296240ac2afa342ab957442389db0d04a33b40ef78

SHA512
218f375afe49ca7960b6fc5ffe921ddae1fb2332f46ee5c292587dc370164cc857f533677b4fb60dc2341ca95096a5f3ed3d1615d5411144a034f9260082cdad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YAMNA6LF\chunk.143.4b09a2968853589e05b1-a6b6121410259a5a715f39e35cc2dac85351c8d8696034778d4c44c58fed20a1[1].js

Filesize
3KB

MD5
60b6eae5f8c0941f62a51b22f30ca14a

SHA1
63b3a579316d841e343ed7ed3f11e7e6164ac8a9

SHA256
ff72c28bfd0a5790f91d8b8b3866170418b85ff4d06cce2f52407de50bd03d9d

SHA512
23681dbb4f2031d1266c70e4b42075e21c512792f75629c7bd8870fe8507223fd37381424669096372b0afecba8ee849ab4baeb5576c612428c3aec0f297ded5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YAMNA6LF\en-68959642866bc83e544f5844024fcf41532da12dc437c73eb9790edff9a54ed5[1].js

Filesize
327KB

MD5
2bf8a71410d295bf1f60b29fcd3f9830

SHA1
a7dc47a47288a003adf57529b41ed65fbe1e73a7

SHA256
5929df1c9be0372281172e062a8d03b4c8373abdfe6a99bec0122818238ce643

SHA512
6225e08f63444f07d0527327ee1fd809b89725670e41114319db590ee89ced16cf7e65f759f533f4d75caa49a684599ff83d97a0f958abb79ac043100b2befa4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
cb35bd9d6c5a4fd50a9263018bbd9784

SHA1
efec24f93d2af7bd01969c36870ebc928fa6c790

SHA256
be648ee93df285417e494e28c01e3ab8f3d043845f4d3b397dfd137d187ed612

SHA512
ac26182fb167458da4b465b118720470859e8028db8d3d71ddbe0c5be0e46b9178c5f7ccb8b1252c38754e27da1af546f8d2f6e32e1bfcbeac0d510aa831bf11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
1KB

MD5
309c95415720109e4ae1c575b0533774

SHA1
ec4ef4ceebec34c053f9daa1462975824eabfb36

SHA256
0e06aaed61807174306d960f32ec56f98dbc310cff1a6d8901a6434e43fad401

SHA512
b81124a255c82eca8ab251eae55b0ae54a4e0fd226dbba352cbb6ca144a0c2860f425cae0994b3c4b0b8fa4a68c0fc00fd7cb6787eb9a556dc08cdb14e817dbf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
3a483c7557b69126a5920ae944d0e64d

SHA1
55e8c86eb877b47b9142f01fb00124e042630957

SHA256
9ec32bf3e0954d9e2142a0c2c91803def5aa4e4a1d342e53fb64be38f88c6ac5

SHA512
62baabe294f53e7ca8749d05e152d0aeed181e712ee8a7ec8d5db7f185cfd381b7f5bd84542d9b485f844f5f744db9830b1d0241259ad9a924faca8a27be8214

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
2b567d8ce90f13a015c51326e529254b

SHA1
785d4248cdc8abd55de1da07ad928e4dfccd1c85

SHA256
53345c4b4dfb5a0894b2ac514697b4eb65b87cbf2d0862e6910b575de3c64bcd

SHA512
48c0a562d5beb0a0fd095d476d0d5718d4c6a6bc4b0b22c8f2a665eb3ba48b01de5cb506d2480f0a29128b4e54e63506dff65aeb01477e1b2293cbaf9e676390

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_5C7AA733A26CC779AF88EBB5B7FEEFA4

Filesize
471B

MD5
8c896e491e4bb7bda1bbaa27e77115f0

SHA1
e92e0ad563483acb9dcf0aac1885df006e508eb1

SHA256
d92a6145f234ca4686c5ce1dab1cf3344acde6e993ea000976b6ff09a342ee09

SHA512
824b87f88abc5a92dfc9ff928eb190d5aad6f067b504510d7188e4ac939bd14862b4f6139250537a07908bff93cb81a41ba22fa290df1b0976d844f5a0226668

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
37b405ce893c67efd298d681bcd07bba

SHA1
6011e98df1b7dedd07f50d5c16388f1f9d7e2a3d

SHA256
ba3a69a0fcbdb2f769f81f5bd7ee295a0d21796ce523599e2d66bad3d9bfe49d

SHA512
493c8b31ed6b64745bff95d5d770e50c8df200c5439e15b1133a431e9b1e4bfeeb43221b8f1e5ec12af57c5b91ac50dcb0a33e46bec744274671e983521daf5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
f2b5ae0c945eebf497c8a30d8a564be6

SHA1
57e5058dbfef6a46b2920b76e2fd801601eb838c

SHA256
572043b3f845e24bf7bf6a8ec46ba19a336d3172b5a5b3a20054394f8989e4fc

SHA512
8bbf971194c41f741adc9f8c5a2a53ad59f76f1a6f146d0f75cafb65885602bd0a1b026c3bfebbe020940a1cd97e1c217e08c969f4ef2912de32737f5b7a366e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
3b8fed4884dccdd9e0ae819bff92bb0f

SHA1
a2bf3b51617270ea9ee406c31fbffc1712fdb886

SHA256
1d9b4fa817f4b8823e4951e1b8a90bd097cc20efcef516fe622f6d4086de48e0

SHA512
f3ce5214165bdd260529ca8f2d7f42579291dd5f573075ac6bb936e8f878170318cda639a9956e97857ab25c3705edb6677b790d644ed916779d03e5c03cdbfd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
dcb2a7231ee606b1cacbc30e21b0394b

SHA1
ec9a0d9a099710cfd83daf1f9dbd3a38d20f503c

SHA256
92c8194e560d395a79bacd68396797736d61bf1826c80d4f516ad35817c2d809

SHA512
6b3b7cfdd9bea687acd32130f992de372e1b8e8709b1ea2e95d7fa2de7b6389a96ba9c7b94c0f32193ef12f8eb9263b87b596533b61ea421ae8dd6fbd7ebf82a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
d4a7e1017c503b5b72d0322782b30f89

SHA1
5f9d8ecb4d24eef25101159787473a5dd6042944

SHA256
2ef14bcd7de6c6ee9fccd2e9441433c060bd34900ffea28c702dea6d8d642641

SHA512
21513c26a51c51b2f92a74461dfb344a36f8d51fb758a47a1448737058024c353d7c66c44d150dcf1dedc22546bf582f42bb27a69d860a7be90317720b97b4c7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D03E46CD585BBE111C712E6577BC5F07_5C7AA733A26CC779AF88EBB5B7FEEFA4

Filesize
426B

MD5
76219599b0f7046baff4d9fba85ecfe7

SHA1
f937c6d1b704e08a2e79f8d66a8e171883937b1f

SHA256
baf26ae54b9fc535bf781e0143cbd73bddc7be9656ed268917032c000460a1a1

SHA512
c5e5982cf9156f3db58fa367aa4a621f0d83bdb176b8423126fcd56fb287e1ab2095d60ea16837f4a3647b540fff8d06bc0c6be87c90ffaf7e223241327b4dc1

Download Submit
memory/504-200-0x00000184A3CD0000-0x00000184A3CF0000-memory.dmp

Filesize
128KB

Download
memory/504-182-0x00000184A3A00000-0x00000184A3B00000-memory.dmp

Filesize
1024KB

Download
memory/2712-142-0x0000029C96DE0000-0x0000029C96E00000-memory.dmp

Filesize
128KB

Download
memory/4252-35-0x00000298B36D0000-0x00000298B36D2000-memory.dmp

Filesize
8KB

Download
memory/4252-16-0x00000298B6520000-0x00000298B6530000-memory.dmp

Filesize
64KB

Download
memory/4252-233-0x00000298BE800000-0x00000298BE801000-memory.dmp

Filesize
4KB

Download
memory/4252-234-0x00000298BE810000-0x00000298BE811000-memory.dmp

Filesize
4KB

Download
memory/4252-0-0x00000298B6420000-0x00000298B6430000-memory.dmp

Filesize
64KB

Download
memory/4360-202-0x00000290A3800000-0x00000290A3900000-memory.dmp

Filesize
1024KB

Download
memory/4360-213-0x00000290B43B0000-0x00000290B43B2000-memory.dmp

Filesize
8KB

Download
memory/4360-211-0x00000290B4390000-0x00000290B4392000-memory.dmp

Filesize
8KB

Download
memory/4360-217-0x00000290B4490000-0x00000290B4492000-memory.dmp

Filesize
8KB

Download
memory/4360-215-0x00000290B4470000-0x00000290B4472000-memory.dmp

Filesize
8KB

Download
memory/4360-209-0x00000290B4370000-0x00000290B4372000-memory.dmp

Filesize
8KB

Download
memory/4360-207-0x00000290B4340000-0x00000290B4342000-memory.dmp

Filesize
8KB

Download