hxxps://github[.]com/Robloxexecutors1/Version-2[.]8[.]1[.]3/blob/main/Sysnapse%20X%20Revamped[.]zip

Analysis

max time kernel
41s
max time network
43s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-06-2024 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Robloxexecutors1/Version-2.8.1.3/blob/main/Sysnapse%20X%20Revamped.zip

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "3493"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ef167e2d51b4da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bf45d92751b4da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "651"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 33b1bc3051b4da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "132"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "542"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "603"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 11 IoCs

pid	Process
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3796	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3796	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3796	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3796	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1184	MicrosoftEdge.exe
2080	MicrosoftEdgeCP.exe
3796	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
1064	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2144	2080	MicrosoftEdgeCP.exe	84
PID 2080 wrote to memory of 2144	2080	MicrosoftEdgeCP.exe	84
PID 2080 wrote to memory of 2144	2080	MicrosoftEdgeCP.exe	84
PID 2080 wrote to memory of 2144	2080	MicrosoftEdgeCP.exe	84
PID 2080 wrote to memory of 2144	2080	MicrosoftEdgeCP.exe	84
PID 2080 wrote to memory of 2144	2080	MicrosoftEdgeCP.exe	84
PID 2080 wrote to memory of 1792	2080	MicrosoftEdgeCP.exe	90
PID 2080 wrote to memory of 1792	2080	MicrosoftEdgeCP.exe	90
PID 2080 wrote to memory of 1792	2080	MicrosoftEdgeCP.exe	90
PID 2080 wrote to memory of 1792	2080	MicrosoftEdgeCP.exe	90
PID 2080 wrote to memory of 1792	2080	MicrosoftEdgeCP.exe	90
PID 2080 wrote to memory of 1792	2080	MicrosoftEdgeCP.exe	90

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/Robloxexecutors1/Version-2.8.1.3/blob/main/Sysnapse%20X%20Revamped.zip"
1⤵
PID:2856

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3552

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3816

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2144

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3936

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1QJVXDQK\Sysnapse%20X%20Revamped[1].htm

Filesize
152KB

MD5
7e19fc42cd7d22d581b8417c3ac53f6e

SHA1
ff0924ed1b6c692b6e141c92189071a8df60218f

SHA256
4f41adb505a1df54bd7ae4e579ec2de14e4e539369d12ae307b2775f7ea72e30

SHA512
f1a685d22f3d253863adc94b05e69b9668223318757f973549a9590c40ad3b291308be82ff9c3a109a74c0a8f593b9c69fe22e957d566e9339a7e92582f0ab61

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1QJVXDQK\element-registry-a9d225a6d5cd[1].js

Filesize
44KB

MD5
59435cc19fdd5b5e66db24f44f5e9841

SHA1
5e3e3b80b88444a6d0dafbba512e454c997c5a5e

SHA256
329abc23e877caf6c7652193c574b66ffd1e225766f62f0182d160251fd4e524

SHA512
a9d225a6d5cd39a7a4836438e3ffb39fd6a38956f88097ed8056be8a04c4e1858522a07ed7127eb1ffe2a8d1ffd66328e179dbf85b433e8cb0123902d406501b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1QJVXDQK\github-elements-d00866eeec16[1].js

Filesize
32KB

MD5
264b24f967a8d05dd0201218adc97de2

SHA1
ba486fd16e0b13f1b891e6cecf65bf25b6556589

SHA256
2f1a381361307258eee4659dd52c5ef9d5fd8323512c179c252834312d0fe2f6

SHA512
d00866eeec16979a57b083075deb93ec737a0d8d7547f7b1a5fd9af4787d49332d4f8e1be8d184a6081909ffea1bd86d10909b6867d185e0e33a140dc7d7e9e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1QJVXDQK\vendors-node_modules_smoothscroll-polyfill_dist_smoothscroll_js-node_modules_stacktrace-parse-a448e4-f17a27f30529[1].js

Filesize
13KB

MD5
e7e4593fc2e398b643ac46f72fb64c2c

SHA1
ff807a2fffcf90fadc032dc284191da75b1a3b45

SHA256
c2aa448500cc9bf17d5b318607d25f1d7a27ff5a4d0bcd1fd72f09b24fe9c3dc

SHA512
f17a27f305292f98031a79ed141ca71b8881070db030000ff52c7519ab6af5ae65fc83fcddf5cdfecf903c9ec1633e8dd7f117590fb47a8fba3011afafe00132

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J6UP2M1D\dark-4589f64a2275[1].css

Filesize
48KB

MD5
f61d3d72b892ced3002fed1b6dae1a06

SHA1
efe5d615d7f12c1e089ed7e68238d3e161b7ef4b

SHA256
b459cea038df58dd56e1cc7df606193ea027792427343f4d35a535fb0e96ebcd

SHA512
4589f64a2275cb4827c2f43b254ce635913bf9eb54a20d479c2cd12b1c506105de508d551bad833ee1e9396c31e50a552d5186966ac974646e84330c3348161b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J6UP2M1D\github-f1af66156f94[1].css

Filesize
121KB

MD5
837cf1bcc858f007f7639fac65f6426d

SHA1
9b4377d76468d6786dde49e0521d173e633f7db3

SHA256
6ba40ac0936fe04a8fa60d907799d58d481ab153323d65b92ccc9219ccf6ba19

SHA512
f1af66156f947ecedc848f7ea645fb556da9a697d818a7a0c6daaa26530a42fa29d9be6f9fcc1ec5bb35ac81fd3e7b16b5e17a369965525acca3c44c8efbd19a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J6UP2M1D\light-f552bab6ce72[1].css

Filesize
48KB

MD5
57b715fb666fb30b8734dc22bc74467d

SHA1
9fc81a5dceb105e5cc83b1b3b859d3f54b8ac898

SHA256
e9f53883f1a355c1c0eaf1e6c7e9a278da8cd726c7da7a5db462ebe436496d59

SHA512
f552bab6ce721c39d04a62d52ccb9d360387b45011a271807c7c677c45458ad0acd77c5f618a3172dddf0dec7d555f78e6d3b6217becbc97d28d62763f26da13

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\code-33498bbbf39d[1].css

Filesize
30KB

MD5
c33214069c8aaceb09d0bda33fc0dc53

SHA1
e048f70e3ec7acd9e07aceb3054b5946e57e0423

SHA256
dbe4579afad9456e07fd6eab0e4e0f6ef895e360fe26c5d4b3867f54081eabcc

SHA512
33498bbbf39d518a3b435bc1ba104a944183437fdc155a5dfaa6c4b3d67993b9e01661a416a53975889059e4a5d4a3ab164afb30634f6c6ffadee24d2893450b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\environment-2168885ea2b8[1].js

Filesize
12KB

MD5
9cc4cfdbadea1eb96bc923f120b5405a

SHA1
2c0051d7fda65f19b520fa7813ae87eac2e81e64

SHA256
3de027e86916dea9ccca9f0c9435cc20da1480bef2a797f6544074f462b1e5d7

SHA512
2168885ea2b8ab820cd72d6e85ec6d968a54db7f3a4135408e3411173bccf5c46fe49007ad553c7783873960881ccef4dac25e3a352c6efbae17180d0bb26ddf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\react-code-view.98a0f4bdacd6223a0b70.module[1].css

Filesize
901B

MD5
be68b89fe4e3ada3d9cad4ca7b3d9feb

SHA1
f377a6bdc9b2c91a9c1df1c3833f7be6c392ada3

SHA256
ddc6c36c303b66ad6b3bd501e0047856e2773c3f9114d35b98af2447aa44a240

SHA512
98a0f4bdacd6223a0b70befd5864efe24073d10d5168c51796f9e79d0ff67016de9e190ba9e199b67cc4abc792f5b78e5bf94f3b793855b6d4bd875f816ba5ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\vendors-node_modules_dompurify_dist_purify_js-810e4b1b9abd[1].js

Filesize
20KB

MD5
917054ff94af6b65ef610aa7b541865a

SHA1
ae699adc368c0bddf428d4f17cec479c6d96cd6c

SHA256
3b0d2012948870af14b480bed5535b34c5f7e649a2c9c13234c319fbf8d2d7db

SHA512
810e4b1b9abdcf5f10506f484ad38bc17cae973d1609d2d8d51bb4a8eb8d3c542cacfe6e4b1c31a062238087e216dfe4206064e8c1dc4cb5d961fc8e97a5a1ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_catalyst_-392fe4-1327b94f3269[1].js

Filesize
26KB

MD5
5ff54a67c72cc7fa84817e0fe75b510f

SHA1
1a1cf59fbe8d463ef12b0a5e1a11f0050e47e57a

SHA256
81a187c88d2cf527154d681ca1891c122b519035673689e706956ed74747e4b4

SHA512
1327b94f32699e098e60e1814a5ab921f75d4f594c1036974572b69d3b70b6a4179021afe9f55b70fd956e5f6c1223ddddeb4e0fda25c42f98aa25f581969bff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_delegated-events_dist_in-b63d41-209f14258c8d[1].js

Filesize
17KB

MD5
66bbc8cd9047a60834eb7d2780b82305

SHA1
bc12a8439f2681fe5358327ad270416912b6a147

SHA256
88bda48a59ff29866ec711b693f23cbe44ca2cab539ea01ed2b5e18209bc6aeb

SHA512
209f14258c8d0da36404a07edc7cf13a13bcc48a0d9dd74ab3fba8c5db418b829f6e506c9e1cc19e4f4ec58802181538bb265607d25aabef2bb56fe74e1f1f35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\vendors-node_modules_github_relative-time-element_dist_index_js-c76945c5961a[1].js

Filesize
14KB

MD5
2cabd818fb8745b2fc7d5f92594269b8

SHA1
88108fecb3839f06671c2a21e35163e0e414b2b0

SHA256
55cdbee6ddce98f5c299a24fb9851501f46ff0cdd2ef3b2f7bb572a3940b462d

SHA512
c76945c5961a4f5b2cb1f85bd3cbb35d5e81f611c3ba05543acfe870728e94e9719c9331b65f4c2c8723960c5ac1e9cac0495a892f049b41ed3ffbe899b93700

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c[1].js

Filesize
9KB

MD5
683a7fe431bded8fbbf7b5189a1b8209

SHA1
2fb527473877ea06ec6b023690ce933c216c5d07

SHA256
f87c5b59b8f353c8762f2e44e1f82feafab882a96a0fad135dc6fc1555872ab3

SHA512
9f960d9b217c457d467a9510dd9797c4ec9df9a892c0a3e1746b2b87dca8ec191dc901e983bc509bc282004967b6fd588dbff5bf70bc7e20a5ca32bc7f1d772a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\vendors-node_modules_github_text-expander-element_dist_index_js-b2135edb5ced[1].js

Filesize
11KB

MD5
3f5c04894f0202a67ec6f0354c1f9acd

SHA1
6a6bf35008b0121bb5806e68bd5f87b20ba72f17

SHA256
0dd1ec9da83fce11b3bfecf9aed67d4f33f7a1d4bd3f04dd1ed941f3b4c8b3fa

SHA512
b2135edb5cedb3b45ffb96906170b242918156621c0d13000d18ccffcd2f20c2f1e2827b391cbe89f499745b748ae99bc51b972b4234ba739624caa4d2e33862

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-4ac41d0a76fd[1].js

Filesize
9KB

MD5
4e684fa742abc9befc4748e8a4680586

SHA1
25129f277cfd66774a3c47db8b22c19b364bdc25

SHA256
97652a00703643a49de00ea59316fd488cf72429b599a62d7cfae464f7bf5a96

SHA512
4ac41d0a76fde41832af2c742d4a063ecea83aafd5233ec46f82938fd5ba06aebc0a69fe241df477fcdf08b1a8e6d6f02e0a42669a351ea50b3056ebc8eefc9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-c7679f99a1f3[1].js

Filesize
8KB

MD5
f4c247ce967cbfd4ab3c833c9b82ab6c

SHA1
c3d38f4f6dac79bcb91b4fe0c3f8dabe23b5455f

SHA256
9934ea98e9391532afa53b20441b8a9157ca4914e33643be75172478a82c8e70

SHA512
c7679f99a1f36ab562986302c30fd1445585810dc1ebb2804a61c59384378af7f6a1a514dace66ae79e582baab7d882d47fb7f9081eb7d70061ccbd931ccba6f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WC8C72FW\wp-runtime-e6b3826e3283[1].js

Filesize
41KB

MD5
521ee9bb90f3cc473d236c0a8ff61385

SHA1
12769bff2bee7b2a2006f4a72db71717473edf0e

SHA256
5f0d3b6a198987512b1479af0cb9d7cd597b69b734dc512dee66b33d0a6f51af

SHA512
e6b3826e3283e705da00742b098e8f6384893c5d18b1b4965994bbdde7221b128039ad52ea21ed6017606fff6f958517812b766d9a36e56941aa384ca4ce774a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WQ45COMK\global-545513c45073[1].css

Filesize
277KB

MD5
00dd87ad233982361cfc87d246086590

SHA1
54ca129f85a02ced8e26ce325a7bbe36a11a6d5d

SHA256
b7251f9d9119c23f1a2a83192425003284c58d5b117f30c551c2617addaa42b5

SHA512
545513c450732d23237cc1844c0c0e07b92ca929c9f6dcae347e600217d83aeadd1d08e19eb76181343b9cf7ab37d1bfb2e2277e09944a66183a5cb176a32943

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WQ45COMK\primer-fa3434a1ba0a[1].css

Filesize
330KB

MD5
9d810cbc96c21361d02f677103a34e7d

SHA1
cd540740f4c7a135d65bbd9e30b265252f877e12

SHA256
273e68d7232307185309cc38ab390b80fa30e8f6c09675349fc10d6c2d9b2ae0

SHA512
fa3434a1ba0a7d83b4ad5753c0f59371ce5092f12dbd6ddf9d2cf31716e21ffb5fb10d4ff2a1be7cf1734b1c9ca0050dd7d7803cab44b452c4d2a193abc0692b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WQ45COMK\primer-primitives-4cbeaa0795ef[1].css

Filesize
7KB

MD5
f78dad1c29b12057a61e4031fd6cd307

SHA1
36953db7f8d8ef34aedf6d6a608287f1b93586f5

SHA256
6b4f34714b5e626392f944037b222b232adb545d407f96136d31934f685a0a5d

SHA512
4cbeaa0795eff125cd72798ad6d5db8682a910a200d54aa52dcfd3e8334f62a59eb4a2d7eec3158756bc196e66559f7e08a7282e7c507902b26891a6ce3eff09

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WQ45COMK\repository-2e900f0ac288[1].css

Filesize
29KB

MD5
0e753444198d619939444d6f8d168f7c

SHA1
830a3b21b982bd016ace447462d1ffcd0e91c1f6

SHA256
93687313c07170c3ef1624982cdad4939f9ddbc088b24da5882dddaf1fff0058

SHA512
2e900f0ac288f08a8f9053cd191db0f007263da300cb50cad02ae785cdc1bc8debd76cefee03471f7ae6641ada999e765160e41fba8d812bc7ae668a84106e45

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A0GP20ZI.cookie

Filesize
167B

MD5
7011f605425e54272c10e83fc3fd48c5

SHA1
179b36b880ea14de168bf0391b763461a8fa0cc7

SHA256
b0f4f94ad6cae99b75cb8722dac66921e41e39bf46641eef5b68f2abf235636d

SHA512
bcb3a99453c0d1769acfc8f458e82107be881394a6f18dc771624f3e580acbb3d65186745f72bff987ca8dfb6a5c2c2d32a939dace26dcfabe0b25e4b07b4299

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TU8B9YZ8.cookie

Filesize
279B

MD5
19573dca7e70b210ee0adc9f3898d61f

SHA1
1d3ce10e051317685783d45629d75c170043b239

SHA256
ac5a85ce9531cdae0ba6a7e89471404d6784a8aaaefa03f512cb69ae2445c997

SHA512
80bc6da37e7dcca80fa375cfeeaa279b72ab322832ef787fc83e922ec487160b9bf0247c51c2b05902ef813d863bf53cb94f94cdfea92be3e3c8d947e00a04f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
282B

MD5
ff24ac34b750092a94186c8e52fb4d7d

SHA1
30ee6a11bfe71637ce78a18db523461d425e7279

SHA256
aa59a1d866ce19af4c07c41fab7b0f076071028ca5d48e60bbd29d3cdd66b548

SHA512
78b8fde2cfb3bfb6982e7f106e866138f98a05c2dd437941197800bb8c039dc17056e5cee29aaddc75c82237f3c97b6a636683a5c8ffe63ff57d2880e9889e35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
76d4d147245ce8da3cf3a4aff0bc5611

SHA1
edf7b96b65cbe3e3ba82799502871c790d9ebb78

SHA256
46d3ed9486f6c000d1e52b27979054fdbd340efe906522441306ea0c189276b6

SHA512
631a6e44a0b135335bfd4cba07fdebd7bd688379f4012b0d3219f36680d1b735572e69601c631d9a1137aa615a4afd3bb91087d04bde887bd1a1130fe46c5dd2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
61c060748daca8556274bfabc587f30e

SHA1
05b5c3bd691071c2071f7864a15ba98f60cfacfc

SHA256
d3a4273f83db93b4afe9c06918806d71e6268a4b8b41cee65e047cfaa1af548f

SHA512
5a8566c72fa10bf6380096f57f5b3c638e347d4b40adb8706a50f84095d0047c39e72f1fe413f05c819cee4f84b6208d9702e2cbdc2f52e22321bb204edfc4ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
65981c7ef08eac7221ddf078fd1cc7e5

SHA1
c7810d6dc03b33ed4dd004cf790f8bbf22ab5edb

SHA256
92728cb1d22267be7fb9dd688fa7025118e39f99d5dd7b0b950b5db66923bccf

SHA512
74916cf30f113a847c6ba6992c96753b0aa039a6aeda0ed721231b7b70b2a0fcdae941b1ac02a51175617e2eec58e669fc1cbe9ce42924b953303c31762a95f4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
480B

MD5
c826a60a96370f264c224958e5486762

SHA1
a4c9d69719e8fc36a74b71dbd8ddd4cddf74f568

SHA256
8ad7b1e9e9c0852f14c8b67789cdac0645da79cdf4ec29909b485b8c16cb7bfa

SHA512
a75a4a4dd84277842e42e1dbb6cf20fae91f362123e89ee3b55a327c1566c90028939c7f6c1be935d91a0d3cf28ac9516f74282afacc59b65f46a02f3c80502d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
409fb3c3b2629697ad025b91ff2872c5

SHA1
30e848943122598d61fa9486946aedd0ccc89b7d

SHA256
5ce7d2172089bbaed11c977ebd04815c77087188c2d332e99fa597f744308347

SHA512
efabe454ff90bb10528e4808bb81c30f06895c4011817390301eed988b8678497b53726b00f04103f8817598af24a9ce4fb768be45d5f9bc310677c9f8e9e5b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
7a9c0c17dbcda90341f89c6025070599

SHA1
d2f51a29d20f29adcc19719d4a3060ffafaa434a

SHA256
962cff6cf62aada93f541af07ebd7b823f418789185433e7e35a50b61bf299f9

SHA512
2e02e089d0947ffae1b53f0de5d938a41e0d0a45128d7d57143bca669902721a524891fcc34f2f62ea1b53541e7d42d76d2ec2b34766a999e1a507e73c2a9e51

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
b47c5529bc9f6abc365245b48cc2b994

SHA1
a0b1da928290d014193c6af7111b5fbc38348aab

SHA256
4d21267b50b146b4909544a691c0c6973dcb6df9d148c3d0d4cbb7f93283d258

SHA512
3771bc4ee1f22900d359556e3a9cc206897dad45604515af92a6acdc7876f2a93ab31fad3e15f454cbf1988ae0e0931290191b73ecd0be8b1f8d711f507be757

Download Submit
memory/1064-233-0x000002A893990000-0x000002A8939B0000-memory.dmp

Filesize
128KB

Download
memory/1064-228-0x000002A8936A0000-0x000002A8936C0000-memory.dmp

Filesize
128KB

Download
memory/1064-185-0x000002A883010000-0x000002A883110000-memory.dmp

Filesize
1024KB

Download
memory/1184-0-0x000001FB96820000-0x000001FB96830000-memory.dmp

Filesize
64KB

Download
memory/1184-35-0x000001FB93DF0000-0x000001FB93DF2000-memory.dmp

Filesize
8KB

Download
memory/1184-16-0x000001FB96920000-0x000001FB96930000-memory.dmp

Filesize
64KB

Download
memory/1792-280-0x00000178C8000000-0x00000178C8100000-memory.dmp

Filesize
1024KB

Download
memory/1792-279-0x00000178C8000000-0x00000178C8100000-memory.dmp

Filesize
1024KB

Download
memory/2144-147-0x000002C257CC0000-0x000002C257CC2000-memory.dmp

Filesize
8KB

Download
memory/2144-144-0x000002C247200000-0x000002C247300000-memory.dmp

Filesize
1024KB

Download
memory/2144-149-0x000002C257CE0000-0x000002C257CE2000-memory.dmp

Filesize
8KB

Download
memory/2144-151-0x000002C257D00000-0x000002C257D02000-memory.dmp

Filesize
8KB

Download
memory/2144-153-0x000002C257D20000-0x000002C257D22000-memory.dmp

Filesize
8KB

Download
memory/2144-155-0x000002C257D40000-0x000002C257D42000-memory.dmp

Filesize
8KB

Download
memory/2144-157-0x000002C257D60000-0x000002C257D62000-memory.dmp

Filesize
8KB

Download
memory/2144-142-0x000002C247200000-0x000002C247300000-memory.dmp

Filesize
1024KB

Download
memory/3796-44-0x0000028F42300000-0x0000028F42400000-memory.dmp

Filesize
1024KB

Download
memory/3816-134-0x00000223D3200000-0x00000223D3300000-memory.dmp

Filesize
1024KB

Download
memory/3936-272-0x0000020C3CC50000-0x0000020C3CD50000-memory.dmp

Filesize
1024KB

Download
memory/3936-273-0x0000020C4DD00000-0x0000020C4DE00000-memory.dmp

Filesize
1024KB

Download