hxxps://drive[.]google[.]com/file/d/1Got2W2VVC4aLNFodrD46TvTnAUOFBGkn/view?usp=drive_link

Resubmissions

04/07/2024, 11:42

240704-nt53yswfkm 6

04/07/2024, 11:40

240704-ns5qsswfjq 6

Analysis

max time kernel
79s
max time network
79s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/07/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Got2W2VVC4aLNFodrD46TvTnAUOFBGkn/view?usp=drive_link

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com
67	drive.google.com
68	drive.google.com
1	drive.google.com

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "542"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 825f1d2407ceda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cec3f01407ceda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url2 = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ea0b920007ceda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "651"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 60521c824fddda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url2 = 0000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1580"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "426858217"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3f4def0707ceda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url3 = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "603"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1681"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\msn.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "4530"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\ServiceTabLoadAttempts = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 11 IoCs

pid	Process
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	364	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	364	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	364	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	364	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4624	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4624	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1836	MicrosoftEdge.exe
2964	MicrosoftEdgeCP.exe
364	MicrosoftEdgeCP.exe
2964	MicrosoftEdgeCP.exe
196	MicrosoftEdgeCP.exe
196	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 1772	2964	MicrosoftEdgeCP.exe	76
PID 2964 wrote to memory of 1772	2964	MicrosoftEdgeCP.exe	76
PID 2964 wrote to memory of 1772	2964	MicrosoftEdgeCP.exe	76
PID 2964 wrote to memory of 1772	2964	MicrosoftEdgeCP.exe	76
PID 2964 wrote to memory of 1772	2964	MicrosoftEdgeCP.exe	76
PID 2964 wrote to memory of 1772	2964	MicrosoftEdgeCP.exe	76
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80
PID 2964 wrote to memory of 772	2964	MicrosoftEdgeCP.exe	80

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/1Got2W2VVC4aLNFodrD46TvTnAUOFBGkn/view?usp=drive_link"
1⤵
PID:3800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4548

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1772

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4624

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:772

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4912

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\23SDAGO0\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D8L5CGE3\m=bm51tf[2].js

Filesize
1KB

MD5
282e9409fb46cedbecd648ab7158b49a

SHA1
adc93b39566826f8d79c737b992765e0dd2957b0

SHA256
7e8d9e9615b640016e9f07f7893a000a915848cd513f18263bd91e28e3366a0d

SHA512
142ed19fbb051653026ee421f59268309c74367de52789539ac93c15827d7ca0080035afb12c7fb14aec39f963431f064f00f4a88b093452d53c59b64f35d0d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M9Z3J3NW\m=RqjULd[2].js

Filesize
18KB

MD5
e3d404c3a1608d49e6247981f8a7133d

SHA1
361daac45f10e4a395253c1471f053446c3c930a

SHA256
52008719a9bffad7e3b171ab873a9b72b7927e36094528bb8fe8594ab380d188

SHA512
fb8c8862122c86a325a930136855d9a1740b67713709290ac219f0e74ec0dcb2d1303266cff712b655639a5e7799f726d0608116e28b32b9fe9093d1d71b4dd8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XY7TBSDB\T9MNPMJN.js

Filesize
248KB

MD5
180e828c9c67e60b03a7a69e874d05a9

SHA1
8f7f4bbb879b616f7dcd9aac65fc48676594b20f

SHA256
7ddd1349fd2fbd0f8e1dda23331ce1829abbfcecfecfd8aaef88d5afab601326

SHA512
f3cc1da938bcd7b697fd6591f113322763ff571e719938ee0081cc7600fa1149292586eb4e174c07a98959e3c01cf3becb3d27fbd4a7887e0f843aa4289a2aa5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XY7TBSDB\callout[2].htm

Filesize
31KB

MD5
1bc5c0d6041fa02adc624dc9fa8d5f19

SHA1
89c9688b0ae737db6f1949793c73d7e3dd79d913

SHA256
3a72ba7bb35d8fe06273c26129fb39aea0b8f0ffbcb0681d0186c5f212a4cd49

SHA512
d7d86de548b12336a53ffedaa611e129313cb553c8be22a729b7f9018831bd7538dacfd1cd184029695fba37450835bc11b90485ce73de67ad9b6b9767c8f7b5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XY7TBSDB\m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk[1].js

Filesize
15KB

MD5
bb9724fa2132d200297e87e7b2fa7062

SHA1
e9c00dcda398cf5b7cd1b40c43784e0e07005628

SHA256
2a6731a0ba94897361cd1a7eac50a1de5ca9e6b8a99f593a95735b87fa2c2f63

SHA512
9ebcb296b6b637509c15bf600c1c93f7b8aeabf1f38c09b5815d03aa27e0d4e25e413eca1b29b86b271327e56bf1f2447a084874282ed7641075aa2561f0e4ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\GK7OUZZB\www.msn[1].xml

Filesize
483B

MD5
6ac3fb0394ff36bbba7644cfa9c6f452

SHA1
086c96c316edcea5f9cc0edf3f48b6a402488ae6

SHA256
be99f4bd08fa1c37e840bb0c8f838d9227fafe6da1a47136905333415a467a1c

SHA512
8bc0f317e4154a8a53b8b3e9bf17330cb8ad25ec16ec00e48c9c2f2b044bf9940c5295fb816b375604a532a44ff7806e5beedc5f66aebf573f6e63fbe7291c10

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AKM4261H\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OTL76J9M\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SY0KG4SN\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF17EEB1B670AF5D07.TMP

Filesize
16KB

MD5
f8b3a73eda93a3246b3c62effcdb4605

SHA1
9e7667739a2cf3419645240109265dfe9254c432

SHA256
5e4923327039e7449d750fd297ba3b1b2cd41cefb51643d96085d4d4f9219db1

SHA512
49f90cf76aaceb6ce929de873eb9993500d9c84ce9b885d2033fd69e4524783638b06c37fd0e22c642157003c833a6441e8d3695b721ace12bb06200e91d0d31

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\23SDAGO0\Chrome_Owned_96x96[1].png

Filesize
6KB

MD5
c101133ecb2d66f0ea98131267d2a10a

SHA1
8c038b9b39fa23e0ad2226f0016bf51fa0b86e37

SHA256
e3654539251df82d59096e81c875d1244ffb7ab92dbf3ce26f63f675121d8918

SHA512
751e9bfd75d1685a490972fe0d40fdbcda97607f6a500d051b400b002ed8c1d7cf9dab019388b74796c9afeaed4e317ac6b40a7e936d234536aeb0cb6c0d8434

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\23SDAGO0\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\23SDAGO0\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\23SDAGO0\css[1].css

Filesize
800B

MD5
567b2a9c2ff51e07119f91ab83539d8c

SHA1
c9bb920b539877ba8dd54b72461b5ce74e98aad8

SHA256
155036a4145981ebfcb13621ed3579dce388b21a9b24d35b398cde98ddef0bee

SHA512
d4253d572168cb7260da40174ae184a49bef79828de91397ed0c2cc9702872a512cfbc8c3a038e8b0a0e8766fd83cd94196156f4b823cf211c1719892ec22e8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\23SDAGO0\m=MpJwZc,UUJqVe,sy6,s39S4,syo,pw70Gc[1].js

Filesize
6KB

MD5
7906690fc6377a84dff142972383b217

SHA1
83dd274c00dc187cb3b72bc0ed45b25f8a517f68

SHA256
a0f5835df65fcad4295db75a4f04895707c728ad49e559726e02e0030aaf56b0

SHA512
79337c266e41d8b8723e85bb4e85b822432cfc549d311588651668f3765a35bc2a8ab0c58e7556fa63ec2ac947d63889a828903421185b5f588b48da49c655d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D8L5CGE3\KFOlCnqEu92Fr1MmSU5fBBc4[1].woff2

Filesize
15KB

MD5
55536c8e9e9a532651e3cf374f290ea3

SHA1
ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2

SHA256
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf

SHA512
1346654c8293a2f38dd425ad44a2aa0ed2feab224388ab4e38fb99082769bbd14d67d74cac3ce6e39a562a0812f9bce0a623be233f9632dcb8d5d358e42f2186

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D8L5CGE3\lazy.min[1].js

Filesize
106KB

MD5
116cc7e0582da7623bde8b8a7d73182e

SHA1
630e83ff28d26f6b3aaec31f0f7ddd1a46ddba85

SHA256
ce2b4d53c425a2e0514565c31dfd1df94d62908a095fd49dc6829fc1820cc0a7

SHA512
cb27c63e855959b800b21f8a863464c64b80e8a123acf58bcc0856a1b45ab208a9dd51cae90ff77909d4c9c2879002fcb229901d52fc7f7ad99ba96a52b0b133

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D8L5CGE3\rs=AA2YrTuab1saMfPg0iiAR9TwFTm87PY2ug[1].css

Filesize
2KB

MD5
3c858584931dfde71af9afbaad898d3b

SHA1
56a2e336ac0dbd7c842b882ea3fc1e9162e3a729

SHA256
d18929a68760eca65d614eeaad306a3fdf3262a47e0836e01062d3ceca027e52

SHA512
7305a38ddeb60e08d206dc9101d981cc3f139455d67c930db6258773201cc3340703e6a0a2e85d8e32ed623d34bb4abac02e9694a32f952e17b50e88b0019ea5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M9Z3J3NW\KFOkCnqEu92Fr1Mu51xIIzI[1].woff2

Filesize
16KB

MD5
d8bcbe724fd6f4ba44d0ee6a2675890f

SHA1
d276fd769bcb675f8efe42ebe3003c1d3255f985

SHA256
aa4650a411dfe1c9beb794ffaf08c7909cdfbb05672d79b3a9976672cbba75ec

SHA512
23f757ea3afe6febe1e8ea935f0ee8690e1b1b1da511788b529cc2fc38f7e454153cdba6f84a6a0e19b294e5311625a03617cf98aac150f17b88a53f3ed8b72a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M9Z3J3NW\KFOlCnqEu92Fr1MmWUlfBBc4[1].woff2

Filesize
15KB

MD5
037d830416495def72b7881024c14b7b

SHA1
619389190b3cafafb5db94113990350acc8a0278

SHA256
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97

SHA512
c8d2808945a9bf2e6ad36c7749313467ff390f195448c326c4d4d7a4a635a11e2ddf4d0779be2db274f1d1d9d022b1f837294f1e12c9f87e3eac8a95cfd8872f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M9Z3J3NW\m=_b,_tp[1].js

Filesize
184KB

MD5
7dea3d112984f2ff898616afdbfac34a

SHA1
613ac0b281ac641f0cb779f6d4fc4ba5eccff7b9

SHA256
b1935b50465e5f56d19738c574fbf971f189b3d8ac4f72ea8418cd73a845014b

SHA512
97b4d4dd8f49819e589c2d0eac3e98ff8c03d5bf6411d77c5e8d7071e3bd15c49b699701ef5879bb626b7b24a91a029deeceaa3970c0e67506f2506b463bf0db

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M9Z3J3NW\rs=AA2YrTujmk9WC0EHindAdNMw68SI00U6rA[1].js

Filesize
226KB

MD5
e3d50446d25e51694bf90a1d49ef73e0

SHA1
57a899d2070ea3fa03bc5535286266efd1cd7bef

SHA256
32a1254d7d15736d9278c0a38c97f366b4073c49635d6d3fc650a92defaed4f7

SHA512
5b2423aad3af358e471a26e0751aa44ba2dc4621520eb2de1dc7017b0f7c43413787c1ff6cce9c0abf1176a2ea28817b6fccb34aa5cd849a250c1315a9fdef13

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XY7TBSDB\callout[1].htm

Filesize
31KB

MD5
444251dbe49de1c739a8ace8b7600ea6

SHA1
5ef658d734393e576b872c364fb3d4082451bce4

SHA256
5428d8bf2ecbca0c8076457e5679aaee3168b841f25af923d48921f8b5d3af2a

SHA512
b3c5ddf485a622ee6e0629b62cdaa5f862eec9e7858b36fbcb6178bdbb2bb194e7ee945f4ca2ea0b3c1314bc367a3ac491dd6cac6d46ad1a250f55b2ca7f827d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XY7TBSDB\cb=gapi[1].js

Filesize
122KB

MD5
c8f70ecf911eb38bf7baa1157d661e30

SHA1
82dce89c697c1dae3290764a2c3a36bd83ed2756

SHA256
9f661df876d6cdd9b5a68ca4b4523ffb2d53c291cfa521c0b9b3ca64c1637210

SHA512
e5eb7eb530f6584435a0c74da78a1acebf96554c9989c39cc22d09029d6ff0cf3193c53e3dd658bbc0264b2b00a40c6be1874521dcd120c9ee181e2075dffe84

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XY7TBSDB\cb=gapi[2].js

Filesize
204KB

MD5
3a82a498dddba2d7f6ffae8e61f6270c

SHA1
c04dec610fbefad4ffd41c2d72bc084115ac6230

SHA256
c02f7cf91aa3bb01ac3f3dc1ade67747c2df91f330f9aea81f6529162cdbcbcc

SHA512
316567310a1704d9e47e570bd519106ce625f9e70e99432101be3552f60700f5a1ae5786c3afe1eca729f55c1aa584b70137ea6c6066dd330b9b929946d16713

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XY7TBSDB\m=v,wb[1].js

Filesize
1.7MB

MD5
fe7030e7f452942170b5dcf181a4bed6

SHA1
c0b06b9cf8573086f3fcef1ae28022b06bec2822

SHA256
4edb08f474a004e74d8842661778946aa0f3aa4f6ab5d1ccda5fdbaa58f50f07

SHA512
88b40d783933862b46c0f353db9a4c4ab09e568e67453aa88b49ef5379f8e373deaa6e2f8b4939aea4e4018dfdd439d58ea1668fffb9ece7f97b20aa18b6d765

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XY7TBSDB\rs=AO0039vAKxSZNu74RGTJqPGdXXOEBBmVbQ[1].css

Filesize
2.3MB

MD5
b2dc04c4794627eaec0d472fff84b361

SHA1
a2e335b00c00fc8dcd6f20cb6bde15db2bf7c82e

SHA256
415b475e5f893bb2f9da4a9c708ac43e0d7ff53f3e2ac287ab8379275d7c398d

SHA512
c9bdb5ba348a7a03ea4949c50a98f03f9fa74cbc06bc4a019b506f3b268f63c858255ef59fe214c084a56244b11ec722049b0f44fb93e2b0d16d876a166c06d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
8d1040b12a663ca4ec7277cfc1ce44f0

SHA1
b27fd6bbde79ebdaee158211a71493e21838756b

SHA256
3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

SHA512
610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
86bb172ab3c986a54a0373153e43197f

SHA1
beea12ea71bf37ac043450e9f9c2139cbffc33a1

SHA256
1876762e64b1211645b45cee74440f9218c80035a554b3876898e8676f414d57

SHA512
5a1071e1b12ea7e5833c7dbdde94d38b395495aef099684f1ce7948bedff7a04afaf55868542bd58db8084e2e0158cea18e456c384b3b6152f1004d4cc96219b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_5AF4A202BBC43FDC0CCC038EAC137D1A

Filesize
471B

MD5
7adb5d21cb7b127aded52edafaccc88c

SHA1
0aa27f20343bfc61c12b9f6006a9400825de4aa1

SHA256
1008cd5bad989f2471b6ab319d2534c45e767ed4680d00a494c291176b90a08e

SHA512
291b53dea5368588401c2cd0ef7ab3a75481da7e6a105edf90a929373e483f156619e48f916d590629f400f1cf02738bbb4a0bfb68feb8d81a7c57f85155aab3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_76B4AC942398240FF309817636D6DBC9

Filesize
472B

MD5
579ba5dbc1de1a0e2e554ddf2930ef97

SHA1
830c9e452464e987df5acc795b55e6dc339fd59d

SHA256
79d5fc35a30a40754283beba4b15343aa61e7b37cc2c388033cd6b1a569d6dd1

SHA512
f9d3e20ea94321886bffac3da4d961873b30fd5776ad524c827de333f999d5e6016f5f8ddb44fb4c8419d4e786a50f06bf5dbf1ef1f6755126cd15fbc3856827

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_A3D4688236962EEA03574DE4F61B95D9

Filesize
472B

MD5
0c820e320731fe71355204a07e7f95bc

SHA1
240fcce81b2999a1b28a3417bbf5177ff9f229c2

SHA256
5d1af5edc1b5ab0e08d7f580c349a94ca3dafaa1c6ab093e9c604821c30f1874

SHA512
37315f4e22ebec2f0252c5f155df94814d9b46a8dc05ac0761f7653ea6f170ce96a65c45439facfd421e632e8b1eeb6ef8b30721a14409968d28ced61453223d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
0fedcbf07f1e663d0359800a7227de7e

SHA1
2d4f0641807e77cf74f94ba8ae4ff465a590fcdd

SHA256
ae50324afc9a62fc8bc1e6ffa36411df8b19690cf2e5968afb9bc396e3d347ff

SHA512
a5a4297118500ea2c557f38e7c9f85c11ffa5eb096a0bced664530d5b504fc4f9d8d6df232e060204300e95d9556a0281ac50513650fdd54f41dc17cd4a720e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
4d811341cfa4ed4b6d6f008993c621d1

SHA1
e192ab5dc547d1c2020aa8998b38c477dbed0b44

SHA256
b438eea9da390b2559f1cf19784f0f6e7546228cbd086629093855e92aa7ab3f

SHA512
0be366a90654c459a0b5b7bb209e4d1f07b40ed4572f39f9d01e4ea06d97c7db0bf030789bb43b54010630172720f275ca9ba5aff2b92770bf4e55169fb40872

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_5AF4A202BBC43FDC0CCC038EAC137D1A

Filesize
410B

MD5
3085b926511ed44f84b3056c89a7bb25

SHA1
7762b333c95f6627584f4832da7e6cfea4d797d8

SHA256
87087d34b6d9c8c25fa18b06a5e56b5b3b3e39733a95ee26b3ec8081890b9c4c

SHA512
23125d00f1b8a68e3fe520fa6d3aff19a1db51a856228e1c8bebf7b48b0637c8f0c7bd8e43c5bae2da843892368ab8775df408f6b1c3188182d94bc1a62521cc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_76B4AC942398240FF309817636D6DBC9

Filesize
406B

MD5
2920bdd94983a3ea70668b02f0e87e25

SHA1
b56165384ba181eebb49447144c63d11a4c1ef55

SHA256
fee406afbb45ae5add7be023e500608d3d4b40fc31b5e84b3b6ad98f6a3d7546

SHA512
d14742df38e8ab8793b5e246e9e38190fbd7348af34c05763498a92bb328dc3c998333f5a1f19744e62c7ec37a563ae4242b9f2987f3470093fbd48adec07e1e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_A3D4688236962EEA03574DE4F61B95D9

Filesize
402B

MD5
70708a5273b5edc3097c918e6bd44eca

SHA1
dc8d3586bf79137058da1ada3e1b52166d105f9f

SHA256
66a863293af18c4d3a44683ede6ff5c5797361ceb5576d8aef666da374a70893

SHA512
dcc05ab27108852844fe95820322273d299e3a0566b67d3e3d6c2f311a6ac82ab741eeffb22c5ec3149d232bf1b4bc99c1305e3868f2d64c906208c14e777245

Download Submit
memory/364-42-0x0000027798BC0000-0x0000027798CC0000-memory.dmp

Filesize
1024KB

Download
memory/364-43-0x0000027798BC0000-0x0000027798CC0000-memory.dmp

Filesize
1024KB

Download
memory/1772-329-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-323-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-337-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-338-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-339-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-341-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-342-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-340-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-336-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-334-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-332-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-324-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-333-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-327-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-328-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-335-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-322-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-330-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-82-0x000001CC4F480000-0x000001CC4F4A0000-memory.dmp

Filesize
128KB

Download
memory/1772-331-0x000001CC3ED30000-0x000001CC3ED40000-memory.dmp

Filesize
64KB

Download
memory/1772-219-0x000001CC53840000-0x000001CC53940000-memory.dmp

Filesize
1024KB

Download
memory/1772-133-0x000001CC5AA80000-0x000001CC5AAA0000-memory.dmp

Filesize
128KB

Download
memory/1772-93-0x000001CC51E80000-0x000001CC51EA0000-memory.dmp

Filesize
128KB

Download
memory/1772-88-0x000001CC513B0000-0x000001CC513B2000-memory.dmp

Filesize
8KB

Download
memory/1772-86-0x000001CC50FF0000-0x000001CC50FF2000-memory.dmp

Filesize
8KB

Download
memory/1772-84-0x000001CC50FD0000-0x000001CC50FD2000-memory.dmp

Filesize
8KB

Download
memory/1836-312-0x0000021C77130000-0x0000021C77131000-memory.dmp

Filesize
4KB

Download
memory/1836-313-0x0000021C77140000-0x0000021C77141000-memory.dmp

Filesize
4KB

Download
memory/1836-16-0x0000021C70B20000-0x0000021C70B30000-memory.dmp

Filesize
64KB

Download
memory/1836-35-0x0000021C6FBC0000-0x0000021C6FBC2000-memory.dmp

Filesize
8KB

Download
memory/1836-0-0x0000021C70A20000-0x0000021C70A30000-memory.dmp

Filesize
64KB

Download