hxxps://drive[.]google[.]com/file/d/1fSJ7JSNzkUzBRzlJegBKQ5WHVzESU-XO/view?usp=sharing

Resubmissions

22/05/2024, 18:55

240522-xk95zscg5z 6

Analysis

max time kernel
72s
max time network
72s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22/05/2024, 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1fSJ7JSNzkUzBRzlJegBKQ5WHVzESU-XO/view?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
66	drive.google.com
67	drive.google.com
1	drive.google.com
2	drive.google.com
3	drive.google.com
26	drive.google.com
27	drive.google.com

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9abeaabf79acda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = ec19fcbc79acda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "3431"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000aa152f58c48558ba6c61f4e5674a885c8a1b86fd180490f97936d8605fdb7defb2380232af3c45abb2dc7b18cdb5ec6642d077c2d632dd8373dc	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "1307"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e7b7c2b979acda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4360	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4360	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1644	MicrosoftEdge.exe
2908	MicrosoftEdgeCP.exe
1176	MicrosoftEdgeCP.exe
2908	MicrosoftEdgeCP.exe
2928	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2224	2908	MicrosoftEdgeCP.exe	76
PID 2908 wrote to memory of 2224	2908	MicrosoftEdgeCP.exe	76
PID 2908 wrote to memory of 2224	2908	MicrosoftEdgeCP.exe	76
PID 2908 wrote to memory of 2224	2908	MicrosoftEdgeCP.exe	76
PID 2908 wrote to memory of 2224	2908	MicrosoftEdgeCP.exe	76
PID 2908 wrote to memory of 2224	2908	MicrosoftEdgeCP.exe	76
PID 2908 wrote to memory of 2224	2908	MicrosoftEdgeCP.exe	76
PID 2908 wrote to memory of 2224	2908	MicrosoftEdgeCP.exe	76
PID 2908 wrote to memory of 1300	2908	MicrosoftEdgeCP.exe	80
PID 2908 wrote to memory of 1300	2908	MicrosoftEdgeCP.exe	80
PID 2908 wrote to memory of 1300	2908	MicrosoftEdgeCP.exe	80
PID 2908 wrote to memory of 1300	2908	MicrosoftEdgeCP.exe	80
PID 2908 wrote to memory of 1300	2908	MicrosoftEdgeCP.exe	80
PID 2908 wrote to memory of 1300	2908	MicrosoftEdgeCP.exe	80
PID 2908 wrote to memory of 1300	2908	MicrosoftEdgeCP.exe	80
PID 2908 wrote to memory of 1300	2908	MicrosoftEdgeCP.exe	80

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/1fSJ7JSNzkUzBRzlJegBKQ5WHVzESU-XO/view?usp=sharing"
1⤵
PID:5060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4620

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1176

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2224

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1300

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4828

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\callout[1].htm

Filesize
28KB

MD5
084e49c5afc74ff10674ea7327063cde

SHA1
e371c8caca3bab493dbe8ba43f169c72cfbaff5e

SHA256
89fbe3506367a5d36f7470738c26822a2eb6bc2a946ce0e104bda6d8967420a8

SHA512
cbc8f1da06d0b705670621b4d6e66902ff780eb3c9d1e78f12a24cd5aa7f69081a89800633ba80ef5c91690ccbceca4f61687908905d13a1d2a0ad0a4e2070af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\rs=AO0039u2lcyMoVlyg7ViRkhPX25aShKV1A[1].css

Filesize
2.2MB

MD5
4fa995c8f5aeec7d8a9044bd512add9b

SHA1
48da102f60bef82383178e2fa44e1f345794b321

SHA256
9a800141157b9b56b6fe5536c21ed7347ea30c01f8d3940fcc1151282032b840

SHA512
5740db6de8edae90d46c10badb78e51a6343ed647e355efbe5439d63581a5be5970fc75fffeffb2a00f79512d916a0730b7cb6c02e0d6e8e0bc4929c2f4e4670

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GFIKWQ4B\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\K8171U3A\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\KFOkCnqEu92Fr1Mu51xIIzI[1].woff2

Filesize
16KB

MD5
d8bcbe724fd6f4ba44d0ee6a2675890f

SHA1
d276fd769bcb675f8efe42ebe3003c1d3255f985

SHA256
aa4650a411dfe1c9beb794ffaf08c7909cdfbb05672d79b3a9976672cbba75ec

SHA512
23f757ea3afe6febe1e8ea935f0ee8690e1b1b1da511788b529cc2fc38f7e454153cdba6f84a6a0e19b294e5311625a03617cf98aac150f17b88a53f3ed8b72a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\KFOlCnqEu92Fr1MmSU5fBBc4[1].woff2

Filesize
15KB

MD5
55536c8e9e9a532651e3cf374f290ea3

SHA1
ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2

SHA256
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf

SHA512
1346654c8293a2f38dd425ad44a2aa0ed2feab224388ab4e38fb99082769bbd14d67d74cac3ce6e39a562a0812f9bce0a623be233f9632dcb8d5d358e42f2186

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\KFOlCnqEu92Fr1MmWUlfBBc4[1].woff2

Filesize
15KB

MD5
037d830416495def72b7881024c14b7b

SHA1
619389190b3cafafb5db94113990350acc8a0278

SHA256
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97

SHA512
c8d2808945a9bf2e6ad36c7749313467ff390f195448c326c4d4d7a4a635a11e2ddf4d0779be2db274f1d1d9d022b1f837294f1e12c9f87e3eac8a95cfd8872f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\css[1].css

Filesize
800B

MD5
567b2a9c2ff51e07119f91ab83539d8c

SHA1
c9bb920b539877ba8dd54b72461b5ce74e98aad8

SHA256
155036a4145981ebfcb13621ed3579dce388b21a9b24d35b398cde98ddef0bee

SHA512
d4253d572168cb7260da40174ae184a49bef79828de91397ed0c2cc9702872a512cfbc8c3a038e8b0a0e8766fd83cd94196156f4b823cf211c1719892ec22e8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\m=RqjULd[1].js

Filesize
18KB

MD5
c83d305e5e4709d0f809864fa68f7885

SHA1
92a60b3c5c7a904e00baf25b7178ec105e153bfa

SHA256
ef1e46d82b47e4f787671427be371f9b76dba1b170b041b91a495de6a1189bb9

SHA512
1bda347656411b956fb6aa3d5b89af534b0ee1c707ecc179ef5b9195ba53dd3176d90924fa86e5e6726488c260e75cb84b2b9be59c27acd2d5ac04e41d698733

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\2ABR8AFV.js

Filesize
259KB

MD5
c2d752c8e3a9b5bedbf4e3f94fd69382

SHA1
a6820a8b25a8bc8fdc3cd4ff9b69bcf073c0116c

SHA256
94e3025d9cfa99f088128e1029a033b4fca6d998354bffb44ef92f10e52a8102

SHA512
123e89968fdb954aab9034ecb31607b520b31cb391a77ca47f0cb0d904c502649d13edc03509f99033f2996526882bcebd16a08160dc1b861537ff897e951126

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\Chrome_Owned_96x96[1].png

Filesize
6KB

MD5
c101133ecb2d66f0ea98131267d2a10a

SHA1
8c038b9b39fa23e0ad2226f0016bf51fa0b86e37

SHA256
e3654539251df82d59096e81c875d1244ffb7ab92dbf3ce26f63f675121d8918

SHA512
751e9bfd75d1685a490972fe0d40fdbcda97607f6a500d051b400b002ed8c1d7cf9dab019388b74796c9afeaed4e317ac6b40a7e936d234536aeb0cb6c0d8434

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\m=_b,_tp[1].js

Filesize
180KB

MD5
672a78b2aa0bcc9e8701fd0ec0213e3b

SHA1
485f02bfe27250c2cd703a7a96f3cf2a507c4b8d

SHA256
26845d56746086229f94375d57dd04a6186792e24d7deae1780708383a62a4e7

SHA512
5ab1ec33e87f522f33e7026ff6a658598b91064fc496886376fe0b0ef3c4dc51d2e484d25b1c6c8b44c389eb694f808206f6160ad3fd6c4ae642d8b7ee2ce2a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\cb=gapi[1].js

Filesize
203KB

MD5
e2965c7b2c07132ba0770965efe81ca4

SHA1
b1aa82452465dd74bc80bda33c62ce7ecb172064

SHA256
82b3f379a1bbb41de5081e80dd9583ad5e77c011b501cde5f9317463001f3ca2

SHA512
b88e3c8d16b64db36d5a87808c04ca91a30525765ed7ecf117684c2a99f3bc6f12ca7b93c3bfca99f7a3225a638a7ed0f1d25f47555ef3044a49575777f00dc3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\cb=gapi[2].js

Filesize
118KB

MD5
f46acd807a10216e6eee8ea51e0f14d6

SHA1
4702f47070f7046689432dcf605f11364bc0fbed

SHA256
d6b84873d27e7e83cf5184aaef778f1ccb896467576cd8af2cad09b31b3c6086

SHA512
811263dc85c8daa3a6e5d8a002cccb953cd01e6a77797109835fe8b07cabe0dee7eb126274e84266229880a90782b3b016ba034e31f0e3b259bf9e66ca797028

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\lazy.min[1].js

Filesize
105KB

MD5
936c777790659f304d0d75dd37c349c5

SHA1
c02a937cc205d9d9332b92e05c69836ceafee53a

SHA256
1252984607640507f1e1aed2558e401937ee530bb81fb2237619b15f953052b1

SHA512
7b93634962ea45c2ac645a9cc8bc959846dd453cda1cc8113cfecd5b29e88f78ac8c16dcd0c29b21f2ecc2f17f17363cde7d82d04844d5be50f8e0131b123f01

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\m=Wt6vjf,hhhU8,FCpbqb,WhJNk[1].js

Filesize
3KB

MD5
884e24c9cf4886031c3b0059015de452

SHA1
8ff59e9fd2d451fbb76d81e0908702c3484a15be

SHA256
ceed4f03edf69c0bee6a425529b3757b9101885019542978e09acc23da7a8275

SHA512
6e2740aa54f63297e061a6446594988418780c2a15f006543c77db86a8e6383e85c1d797ae79904e04e108a59c67d25f3c924fadf7979cc3a7a0345691cbcc9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\m=v,wb[1].js

Filesize
1.7MB

MD5
6724603b537c05ad3658eb3d6e0610da

SHA1
3560a2e97a506d976d70ca8dcfb38d8da0540d32

SHA256
fe37cef93b7c1bf71af1dab8b788112fdc4925761f6e57017e29d7051e96d4e2

SHA512
21bc8c1ba76556a8d74e3918c67da0c7cb0b8a827ae1c9ae2e656fbd753f445f0d09ac93371f8cf9da32f27d236a7070f035dc2883a0c274a37489db0b128cf8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\rs=AO0039vhLftuuC0TdIgmGUKp2VxJhRNj5A[1].css

Filesize
2.2MB

MD5
cff39f88d78d75bcd45f33c055da4f1d

SHA1
7f7db99a853bf8b7796be36905367b9eddf811ec

SHA256
2efe66cbaac837cf7064bcb87711603ce0293d407f984b771aabb61414c44438

SHA512
699f0e0112f2cf6915f3910a604ca032357f057c6ba65664509b5c1396cf6500b35c77a04276c1fa30af9b3752d70d3a45159c8b23cc859b8fd215054f2e8bdf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\callout[1].htm

Filesize
28KB

MD5
c580e2b6dc155a093f7a7ba0f7e5051d

SHA1
f2f973507ea21ece26a4d6041992810aba89ab3b

SHA256
06195b44ab32f843372b31a5577dd8bcacb610977fe272a21e757c26b7dd7042

SHA512
949a05195cb655916960594eddea998e6f5411f38c8476d3217e2da4fba4763eae040e50b093e858a1acee4405f13da5ab7669a960498a454e614130215fb625

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\m=MpJwZc,UUJqVe,sy5,s39S4,syn,pw70Gc[1].js

Filesize
6KB

MD5
d8deeb4bb13e3ad044b1a22880a79bef

SHA1
bfc3aecdf670a82bf29eb6fab73949e8490332fc

SHA256
dcc63fa0f69d99cc0e56dbf4bd7ce4ad965a2ac54679fd25f2a3a7f4a3b9ab98

SHA512
1f2ae4bab66dcc394b832e3fff4fcb6a81d139b99026af7d5178cfbb9903d5acabd776926600de75b05b39e123f8ead6809f28f08ea2223b6af4c07bfedc8d59

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\m=bm51tf[1].js

Filesize
1KB

MD5
a4f3deab365439d2edc98893aa344319

SHA1
69ae5a9c66d989aee3e51f2fcc4fddf5a5c56799

SHA256
c5349ada37967d34e308b209738783cefc8718c83173b596d59aca2709c2a0f4

SHA512
0a183afdc562cfef27db6f207bd04f2ac84a912780b4638903f5ac9dfbcf6e143f45d51273d9f0f77586b662f52f953f79650a6a4f4d30b70ec8ffce197e4e33

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\rs=AA2YrTs74be_nloI4pEoaS7eJYnNYpJ4fQ[1].css

Filesize
1KB

MD5
6ec989de62df88da46cb04d4ef164d06

SHA1
39f40c99e5091984f414e38a217c90554ba809a3

SHA256
95bac848dfbc30c1452deb69f05891aed70c7c9042428826cc7d85f53f2da702

SHA512
53f085e353f1ea003ff4c52b740b4c582cd7b0418bf489373d512c6db58b11656a7532c9215445f17bea91f8a05b8e13f561b6053a590638b68b7078283556f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\rs=AA2YrTv0bh5E547l0EuuqJgDkmUjYi_Jfw[1].js

Filesize
225KB

MD5
cc6116cab3338414247ee7296bac5b32

SHA1
57bb3a2266c7e495b0847c0cf2c8be7101948012

SHA256
ab7de5fb52a419ced3c8f9100212062b4c1e8ce45d69b06678992d6881c27ae9

SHA512
414cc61f4d1f813020c6237bc92d9275b2107c37c7616e24438e663d3c9fabb4ea1a0f6efa7be3b7f17a9a9708fa29eac6dbf5374b8e990545981473d204b8de

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
6728aea2631b86a76c237508d8ba9b55

SHA1
7a670f95cac088313f7558869162fe01c6dc0ec9

SHA256
e1dd7380c6df33cd5702b032e0e359029d3ef7630f06ceb42cfdc154fd0baf7b

SHA512
533080cd1ec40b8530cad5c9914e0a5156d225f7392283ed2607eda4f1db4a6930002274060ed9130a6f634222c2e15818e16a50579cfe7f5274d028d31212f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_05B056B983E25E9B4D43BC3D9283D686

Filesize
471B

MD5
1f050492972a35d848f44d323cdc1ab7

SHA1
5131e6190ba80ba759c8281be09bca8208963162

SHA256
28930e9de28b742ba3783c03027340379b57a9f61a1fe7371cc9a7e4c19e1690

SHA512
29013e57339d91373247b96f37e4fd179529ad25c2dfbbc1a460f67d639997a25c5b7afa7359bd0b44fe4c520e41760c5f17eb3843a2f211e2edf24ac4b12185

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_242CEA72AD255CEF17D8B88AD3038326

Filesize
472B

MD5
20c36fb69613e7f4acdb52c2e04f45d0

SHA1
071e6454db0e4d3e26745f59d3c68d62846b224c

SHA256
12411510b26b49b0313ee5582042b21a6f5176384d8e7c02845c8b3eaa87ed4b

SHA512
0c088a8f85413b34720e9d68cfb55a80f3e6adf2d5b4f161f125099d7310d031b57a8d493a16aab417f08f1d238bfc0375f0de7ada2ee91448d27ef50021a184

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_36A4FAB910EB1F125B6CD991C126FE65

Filesize
472B

MD5
171f40b0cd5bc6a18c31811219e3a4e0

SHA1
56a765643010e753fcbda73115d949dc9605616e

SHA256
bcfeba88f185e74ba586d4c817e30b75c9326fc7c0f32578e952608f71376fd8

SHA512
f260139eeda32ab1d75bc705504aefebb1452d96d553c3af8c5095f5ac2a840d070830a7b52ecbdd366d216d2bd24dba7d471f4b5f9753d99da01fb799986cd6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_8DBDB314F582CFB69D8C0359C37384D1

Filesize
471B

MD5
303281e6dcec852e8e88ec90504e6398

SHA1
fbed9efb3dd68503093a4a30f1f4e15599306dbd

SHA256
2ee340e2c33e863733dac165927d5f9657ba7781fd45f5916fd0b1e3f01068dd

SHA512
6c5d2a3a594bb0e6bffea33a1e5043420df5513c184e3085fe4b27b4c827db18e4abd253ccb40322f56080ca2c5799d3d948885fec10cfa128c162e7077dc593

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_14E1B642F024BBD68B11BF0550012BCB

Filesize
471B

MD5
ac661befc954194199ab2fae93c419f9

SHA1
a7446c993bc300fe86be9e698b3f3f859885f50f

SHA256
79c7e7db052a14ffe8e79fa9c09cea2fef9d15cb241dca2fa71a7910c274051e

SHA512
1e3abf562ee0babc9ce6e2f4a114485a38a81f2a7dd607f5d1c28483398437f9ea9ce67aaa84353b4328d33aa9501b5bb7188234fc72b6f6fdb6a6131d66a2c4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f7411543fd7bb44ca0c88b3312f21aac

SHA1
9c0e444355ee35ccd4de874b91cb0e913fa94612

SHA256
0a155a68d53e6cfa9e6f9b7025179a05054508f9786616c2d97fa5e26cd610db

SHA512
7d3ab0deae6a2206eb4f3be6beac08049012265d9ac96bea5c89ad62481acb116798a523df21c5811f8e41048c4f8548722f3dcc3eb234feed8b6b6844bd37aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_05B056B983E25E9B4D43BC3D9283D686

Filesize
410B

MD5
f5987938fcda09b6afea390e566ae556

SHA1
0ab640538d3b668a543f2bf8ca22c6cc4616c7ce

SHA256
ce9576cbf01ca3b11adf4e7bc1248652269e7dfe617ee7a4d433f1b9717bd452

SHA512
52164556e787d009f90320865cd3ffcf3617fc65d4395a53288b04099c9d52b98c7561eaf14472f02ba11f76e84aed61164eafa4451f5f7b3e8a40240df9e8fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_242CEA72AD255CEF17D8B88AD3038326

Filesize
402B

MD5
1bc8735832c6154c0e396debefcf0723

SHA1
0dca101ced9f469867d481df180a5801f8c18a73

SHA256
2c7e2c0ef37c9572b8bf0392d4db812ca403172ebc506e71e30e732e071c024d

SHA512
c11e4c8a777ca7a4c922161d2ea4c4a3b31b16a2ef501e063cbc5efb700ce6fb5ddf152aae6441137c7986b3ddc23eae095c658e3c4bd205e2c522f032245959

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_36A4FAB910EB1F125B6CD991C126FE65

Filesize
402B

MD5
53483d7ac2eccf8ad68e221b4208381b

SHA1
3438517bed4039118e5b76679a95af5f21eb7944

SHA256
ec4d78e51dba9ec274577c7df7034c469a2f4105f931d2f5f9c2e434b6a47899

SHA512
fb9ca881b7248fe601edce9fbecf24742cc03c78fbecc56165cb1a1e8f9964578a3d8cc2644960ecc8de644d9924c04cc4eaed429c14f7ea01191e0a535fc5c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
564671c2e8ff3d301880ab2f299be0b7

SHA1
94c61259f28e02f78ff4b8d5b89489acef96c990

SHA256
a5df335274b4eebf197b23d2d981c72d8c566930d782964258856fafb0736d29

SHA512
948f45af4c4f114d19eaf5369091831c601395d193bf4e3c4434becd0cd9b61ed6342dd0a2ae7da56f367d014e1298864a42c5bf3b322e3e5ce45e4bf7408a11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_8DBDB314F582CFB69D8C0359C37384D1

Filesize
406B

MD5
97b955156f86a368268c6d913528b8c6

SHA1
e52eee48548f739417a95233f91e9f51a97e6f58

SHA256
501c9c3e28e46320f8c530d0ceb5c6749be49bf1249e093f16d334df14c4f633

SHA512
d52572996b8652e4a1469f96ef04993f4c16ee9443c0e443395cf4eef059aa9486c965d3bf2511fdfda51cff5e9feed653200b9bb7cf298ff8bce3a732bcfef3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_14E1B642F024BBD68B11BF0550012BCB

Filesize
406B

MD5
73ded7780d02fce9f694290b74200bc0

SHA1
6c7f19d25e2596db685a4773a9fb1d3cdd1e49e1

SHA256
5cbb792e6adce2e19c64f24dd1cc1e8b379eb99c322337ba46b287184b89c365

SHA512
2805e6faae7e59dc52fd0056797c8a99cf7806068d759b609d4fcbf70fef1375648e2fdd10238b43ded9ee63881750eaafc101d5d625c371f099e22c0556ba67

Download Submit
memory/1176-45-0x000001AF47400000-0x000001AF47500000-memory.dmp

Filesize
1024KB

Download
memory/1644-35-0x000001C0D3580000-0x000001C0D3582000-memory.dmp

Filesize
8KB

Download
memory/1644-16-0x000001C0D4420000-0x000001C0D4430000-memory.dmp

Filesize
64KB

Download
memory/1644-0-0x000001C0D4320000-0x000001C0D4330000-memory.dmp

Filesize
64KB

Download
memory/2224-319-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-140-0x000001E1E0120000-0x000001E1E0122000-memory.dmp

Filesize
8KB

Download
memory/2224-325-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-323-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-322-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-321-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-320-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-337-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-326-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-318-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-317-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-316-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-242-0x000001E1E0F40000-0x000001E1E0F42000-memory.dmp

Filesize
8KB

Download
memory/2224-246-0x000001E1E0F60000-0x000001E1E0F62000-memory.dmp

Filesize
8KB

Download
memory/2224-221-0x000001E1E1300000-0x000001E1E1400000-memory.dmp

Filesize
1024KB

Download
memory/2224-324-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-137-0x000001E1E0100000-0x000001E1E0102000-memory.dmp

Filesize
8KB

Download
memory/2224-134-0x000001E1DFED0000-0x000001E1DFED2000-memory.dmp

Filesize
8KB

Download
memory/2224-327-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-329-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-330-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-328-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-117-0x000001E1E07A0000-0x000001E1E08A0000-memory.dmp

Filesize
1024KB

Download
memory/2224-90-0x000001E1E8C40000-0x000001E1E8C60000-memory.dmp

Filesize
128KB

Download
memory/2224-82-0x000001E1DE3E0000-0x000001E1DE400000-memory.dmp

Filesize
128KB

Download
memory/2224-333-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-334-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-335-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download
memory/2224-336-0x000001E1CD750000-0x000001E1CD760000-memory.dmp

Filesize
64KB

Download