hxxps://drive[.]google[.]com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing

Resubmissions

05/09/2024, 15:52

240905-tbbpaavcpc 6

05/09/2024, 15:49

240905-s9jbcatfkl 6

13/07/2024, 12:36

240713-ps1mhstaje 6

Analysis

max time kernel
1799s
max time network
1576s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13/07/2024, 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
2	drive.google.com
3	drive.google.com

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 69100d7021d5da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{7427D8FF-ADFF-423F-B5FA-0019268BDF91} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "701"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 30960a7021d5da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 27c20c7621d5da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000cbe47d0963dcd30285115bd3ec1d9aebfbf40e87c77b0a4370c339737458b6487355d19e682abebe8b476ec6597b20846b407057349fe0b7ea35	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "427639193"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "427655787"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = b4a4406121d5da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
4660	MicrosoftEdgeCP.exe
4660	MicrosoftEdgeCP.exe
4660	MicrosoftEdgeCP.exe
4660	MicrosoftEdgeCP.exe
4660	MicrosoftEdgeCP.exe
4660	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1616	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1616	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1616	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1616	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2196	MicrosoftEdge.exe
4660	MicrosoftEdgeCP.exe
1616	MicrosoftEdgeCP.exe
4660	MicrosoftEdgeCP.exe
1888	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 3848	4660	MicrosoftEdgeCP.exe	78
PID 4660 wrote to memory of 3848	4660	MicrosoftEdgeCP.exe	78
PID 4660 wrote to memory of 3848	4660	MicrosoftEdgeCP.exe	78
PID 4660 wrote to memory of 3848	4660	MicrosoftEdgeCP.exe	78
PID 4660 wrote to memory of 3848	4660	MicrosoftEdgeCP.exe	78
PID 4660 wrote to memory of 3848	4660	MicrosoftEdgeCP.exe	78
PID 4660 wrote to memory of 3848	4660	MicrosoftEdgeCP.exe	78
PID 4660 wrote to memory of 3848	4660	MicrosoftEdgeCP.exe	78

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing"
1⤵
PID:4768

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:708

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4660

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\KFOlCnqEu92Fr1MmWUlfBBc4[1].woff2

Filesize
15KB

MD5
037d830416495def72b7881024c14b7b

SHA1
619389190b3cafafb5db94113990350acc8a0278

SHA256
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97

SHA512
c8d2808945a9bf2e6ad36c7749313467ff390f195448c326c4d4d7a4a635a11e2ddf4d0779be2db274f1d1d9d022b1f837294f1e12c9f87e3eac8a95cfd8872f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\css[1].css

Filesize
800B

MD5
567b2a9c2ff51e07119f91ab83539d8c

SHA1
c9bb920b539877ba8dd54b72461b5ce74e98aad8

SHA256
155036a4145981ebfcb13621ed3579dce388b21a9b24d35b398cde98ddef0bee

SHA512
d4253d572168cb7260da40174ae184a49bef79828de91397ed0c2cc9702872a512cfbc8c3a038e8b0a0e8766fd83cd94196156f4b823cf211c1719892ec22e8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\m=MpJwZc,UUJqVe,sy6,s39S4,syn,pw70Gc[1].js

Filesize
6KB

MD5
f7cc41e23f4431fe5cd81036f3866191

SHA1
f4274641b9e020ba69a3d7118d22ad000703f0ff

SHA256
7375c4f82a9c02079a8cff46ed6fa0851528dfe6046316ac3604c5d49246f799

SHA512
9e6e4bf1775ce6b2f966f30f2de39f910ef49405102d054eb9971888cceca152d32c6dcfec50c6520073f87c0904044a470f2a62f117530f6e290aac83af8355

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\836QWWK9\m=bm51tf[1].js

Filesize
1KB

MD5
a58539aa41f955500e64828c1e561fea

SHA1
19de8213e2031dc3405fd488c649c86b79c0d381

SHA256
d77fa5c107089d856a824d4979539f76675adc1ed9d41749ab8e2eeddcdb1848

SHA512
cb7a9bc0dc878a8b46e53f536559a94f2f74ee851d3e94e7e613eb0ac36fc51c6afd5cd3dc66b90e02ae9b9f6335d111f951660e3fcba8f8a7ccf285b68155c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\KFOkCnqEu92Fr1Mu51xIIzI[1].woff2

Filesize
16KB

MD5
d8bcbe724fd6f4ba44d0ee6a2675890f

SHA1
d276fd769bcb675f8efe42ebe3003c1d3255f985

SHA256
aa4650a411dfe1c9beb794ffaf08c7909cdfbb05672d79b3a9976672cbba75ec

SHA512
23f757ea3afe6febe1e8ea935f0ee8690e1b1b1da511788b529cc2fc38f7e454153cdba6f84a6a0e19b294e5311625a03617cf98aac150f17b88a53f3ed8b72a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\css2[1].css

Filesize
609B

MD5
c9416551b401e8ddc4cd642b1348d60c

SHA1
75d238de4bcef07ec6afd81fa38a91a3a55adc2a

SHA256
cb7b5b067f94b97f8e98d0c0d0e2ef2add7725527ad7ea726ff7d6702f1eff9a

SHA512
b7b3054284b982026adc743f27da8d89050546049471cba9e380086a56dc01749041e237b932e187b566445bdc380ef3938c4f7932e33a6005344f7ccb14d5c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\lazy.min[1].js

Filesize
118KB

MD5
48989d542f51150a3a87a272ada40cff

SHA1
0d7b19c4626abe902c480e4e7891d9dbdbd4b7a3

SHA256
eaa70b79b657e5997b465f24c770db49638dcadac9aebe8ed36c11e219c5c69c

SHA512
10b2957c0489ec4d896ae027ae7952687ce0b56101687ad62f230b19219bfa34b05c129983c2c9763cdda9b398137e1a163dfbcade11154738415f83cd623a5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\m=RqjULd[1].js

Filesize
18KB

MD5
641b0e49b459415b43fdb70f297fd24e

SHA1
8abc7a49fa2386f87e06497c4f9660fb81487845

SHA256
18b95011caf08f1e7021c3d8089c10b981601760c97f693d762c4c0ec75ab3be

SHA512
ee340ccd86967fc40a9984250740d29b05094664cf155f91c1f94d9a0bf386552213838cbb521d60feb82ffc655cbfd16a2a91708cfda48c96728b40cfbe9f25

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\m=_b,_tp[1].js

Filesize
184KB

MD5
c4b4310e6e9da7a4d80249ba89921b5e

SHA1
cbe58c50c390ffe7af986e5ea68f0e74db028591

SHA256
1ef082fd3fd33d421d9196d21cc26a14769cbe8705c31964938277af11a847f9

SHA512
43120a3e5384f67a1f81015fe5de9c79dc9818cfa6777985cf6a3fe2f0422aa056485fbef32b25a567065232535264b54cd40e9083d1fa4975f4e92904a9868b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IRG9ZAR4\m=v,wb[1].js

Filesize
1.7MB

MD5
47db1ee4e315f43945b17394c537a344

SHA1
f00c803f0ba179d38af5ded0564ced44f30616d4

SHA256
3178a22c4e87243ffee7f19d52770540f9d920b3450d3c43f31804bbf99f1064

SHA512
8886bc75cca043353f2dfce3cf3896d5c3d7299c6ed9f00a844e51f4dbfb0075b8d2993828bbeb08b9598f924bdc51376cf8fb66b76675f103f75ec9f15a006e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WJ79JOJ6\06KGOAW2.js

Filesize
248KB

MD5
798710e792077e28736d2fd9e9caf2da

SHA1
c69d2d431f4dd11219f9cc75acc9ae389b53ee91

SHA256
3765ad455bece4411f9dd9448c968d5c817992a14bf0c24c1e8468da93fb728e

SHA512
9a85cfe383c44d9de2eacffbd1cdb30b189e75a98e3fc2d2c6041c39fe6f6e29b27864901c1b9e623f7240bc72f91d79f3affdd8de5307430087e0225ef824c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WJ79JOJ6\callout[1].htm

Filesize
31KB

MD5
61ba12be81819bc60f1d99d5781d6a30

SHA1
780183482d6c1315f48f9b77d82ea13c7edfa6b6

SHA256
eb73ed4f945310bee831f6d59138171582047af4f1dd9982c7108f30a7e1a51e

SHA512
b094ea806582a3875572c86e4a8b5cb41c5259e35c1e456c4d1f1c4199b8e56a576e694d27d37d150eff66f9f1ad97cfecfe48f4c94652a90464f7932c2de56d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WJ79JOJ6\cb=gapi[1].js

Filesize
122KB

MD5
c8f70ecf911eb38bf7baa1157d661e30

SHA1
82dce89c697c1dae3290764a2c3a36bd83ed2756

SHA256
9f661df876d6cdd9b5a68ca4b4523ffb2d53c291cfa521c0b9b3ca64c1637210

SHA512
e5eb7eb530f6584435a0c74da78a1acebf96554c9989c39cc22d09029d6ff0cf3193c53e3dd658bbc0264b2b00a40c6be1874521dcd120c9ee181e2075dffe84

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WJ79JOJ6\rs=AA2YrTuab1saMfPg0iiAR9TwFTm87PY2ug[1].css

Filesize
2KB

MD5
3c858584931dfde71af9afbaad898d3b

SHA1
56a2e336ac0dbd7c842b882ea3fc1e9162e3a729

SHA256
d18929a68760eca65d614eeaad306a3fdf3262a47e0836e01062d3ceca027e52

SHA512
7305a38ddeb60e08d206dc9101d981cc3f139455d67c930db6258773201cc3340703e6a0a2e85d8e32ed623d34bb4abac02e9694a32f952e17b50e88b0019ea5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WJ79JOJ6\rs=AA2YrTvDBln1pR0UoOkMQQVWxWs0xeKWyw[1].js

Filesize
226KB

MD5
67a30532bb9f06a5cf2eb989103a8237

SHA1
75e9da0305b5fdf6a5f87085a3eb8aef935050f9

SHA256
00e074d7e7471c1e182512356ee7dd03755e9f5d4e4aada3f7816afc46d94e04

SHA512
8f476a80178fcc5cb0be565dc8c02577357087bdf803cd760b24952fa013c713ffea3d75a3e4d7834d238deb3b5389e623744534583246e26adb1f761ac82bee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WWQI7LX5\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WWQI7LX5\KFOlCnqEu92Fr1MmSU5fBBc4[1].woff2

Filesize
15KB

MD5
55536c8e9e9a532651e3cf374f290ea3

SHA1
ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2

SHA256
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf

SHA512
1346654c8293a2f38dd425ad44a2aa0ed2feab224388ab4e38fb99082769bbd14d67d74cac3ce6e39a562a0812f9bce0a623be233f9632dcb8d5d358e42f2186

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WWQI7LX5\cb=gapi[1].js

Filesize
204KB

MD5
3a82a498dddba2d7f6ffae8e61f6270c

SHA1
c04dec610fbefad4ffd41c2d72bc084115ac6230

SHA256
c02f7cf91aa3bb01ac3f3dc1ade67747c2df91f330f9aea81f6529162cdbcbcc

SHA512
316567310a1704d9e47e570bd519106ce625f9e70e99432101be3552f60700f5a1ae5786c3afe1eca729f55c1aa584b70137ea6c6066dd330b9b929946d16713

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WWQI7LX5\m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk[1].js

Filesize
15KB

MD5
4f612c1958c18e3a3fcfbefa38d0127a

SHA1
d61bded82248cc5c7f63ef93abfc181e1000077e

SHA256
3db6c98bf823b59c96e02ef5b8851f15f3b7cf54e3c020d0787abdf067609544

SHA512
ed3883628a3a3ed4f03165099baa106654d606f9039079aa6e46053fd05264877f64c19b275f092f93d456660d5c981cf3858199f2a6e43373ff1514426e6cbb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WWQI7LX5\rs=AO0039sMyZxaqRFt4HMiVvRp_6eumjfA7Q[1].css

Filesize
2.2MB

MD5
17fcf6186626c743c192757c11a0c777

SHA1
d1158d503d9c456736636c4c78bcc17008ec2900

SHA256
c32bb4952e79f75e7665b8b415964f4616bcc24739b5eed21ce5226660c6aa7b

SHA512
6d34e0e3727261eb34f8f319694aeac2f641b332b694a2a45f4f041532b1d4f66d3219cf7c5156f15c0cff093a1eef60fff1a66edda2bc0591b2b148bcd74c4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\FR9BN32Y\www.bing[1].xml

Filesize
1KB

MD5
8e7c2034ddc836fbe0263457e82173cf

SHA1
459111bf3af6b08a81490b0f7b1dc9ab48b10c3e

SHA256
65ad11e288abfe9cfcf18d2b1acd66130a6d991de342719076723cb850e600ea

SHA512
078fcdc5366d2a3cb2a5f1763910ad8e05717876909663b0ffc76c2c9dc68f7674ba6fa7add9dc6e3d802df1fe03d7f19d7483cca578d137fef2d4b7fa42cd2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HHFC1QXP\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q8Z4HTQM\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
memory/1616-45-0x0000025767380000-0x0000025767480000-memory.dmp

Filesize
1024KB

Download
memory/2196-327-0x000001911CEB0000-0x000001911CEB1000-memory.dmp

Filesize
4KB

Download
memory/2196-0-0x0000019116320000-0x0000019116330000-memory.dmp

Filesize
64KB

Download
memory/2196-35-0x00000191137C0000-0x00000191137C2000-memory.dmp

Filesize
8KB

Download
memory/2196-16-0x0000019116420000-0x0000019116430000-memory.dmp

Filesize
64KB

Download
memory/2196-326-0x000001911CEA0000-0x000001911CEA1000-memory.dmp

Filesize
4KB

Download
memory/3848-322-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-348-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-349-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-345-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-347-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-342-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-341-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-340-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-339-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-334-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-333-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-332-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-324-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-328-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-320-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-323-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-321-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-319-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-318-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-317-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-316-0x00000269B99F0000-0x00000269B9A00000-memory.dmp

Filesize
64KB

Download
memory/3848-230-0x00000269CE680000-0x00000269CE780000-memory.dmp

Filesize
1024KB

Download
memory/3848-132-0x00000269D5D40000-0x00000269D5D60000-memory.dmp

Filesize
128KB

Download
memory/3848-98-0x00000269CD120000-0x00000269CD140000-memory.dmp

Filesize
128KB

Download
memory/3848-85-0x00000269CC1C0000-0x00000269CC1C2000-memory.dmp

Filesize
8KB

Download
memory/3848-87-0x00000269CC1E0000-0x00000269CC1E2000-memory.dmp

Filesize
8KB

Download
memory/3848-89-0x00000269CC3A0000-0x00000269CC3A2000-memory.dmp

Filesize
8KB

Download
memory/3848-83-0x00000269CA560000-0x00000269CA580000-memory.dmp

Filesize
128KB

Download