3a9ac955ed1067308750c3ff4d0ee328427d4ecc806fdb73513616ebe37f6153

Analysis

max time kernel
150s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20-07-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
Size

1.3MB
MD5

bc86ba14157a38a4b4f8e20e239bcc5c
SHA1

ef99216c5f6e81856d8db80d9145ca09cb8f04df
SHA256

3a9ac955ed1067308750c3ff4d0ee328427d4ecc806fdb73513616ebe37f6153
SHA512

70324a14ee1ca5e3d7ab4788fc7f13915a7a21c00686e3d0ff210a9615df43646f2d3afc282a03a9bca62006a20c2121ad29ca6b501c1e53a25fe4905cb0d47e
SSDEEP

24576:8OwKgRCkDML+Y1ZMP66ODm//VpAIJhDSb84imzMbJ7:TuCkMqY1ZMyJicimzMV7

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{09522AB0-88E4-4D0F-98DC-C8275DF6EE6B} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 372ccf34d3dada01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{7C4629D3-ED9A-4310-BC61-A56068DDFEF7} = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 541e9a32d3dada01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 12cfaa32d3dada01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
3152	MicrosoftEdgeCP.exe
3152	MicrosoftEdgeCP.exe
3152	MicrosoftEdgeCP.exe
3152	MicrosoftEdgeCP.exe
3544	MicrosoftEdgeCP.exe
3544	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	4716	Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
Token: SeDebugPrivilege	2252	taskmgr.exe
Token: SeSystemProfilePrivilege	2252	taskmgr.exe
Token: SeCreateGlobalPrivilege	2252	taskmgr.exe
Token: 33	2252	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2252	taskmgr.exe
Token: SeDebugPrivilege	2316	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2316	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2316	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2316	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3092	MicrosoftEdge.exe
Token: SeDebugPrivilege	3092	MicrosoftEdge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe
2252	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3092	MicrosoftEdge.exe
3152	MicrosoftEdgeCP.exe
2316	MicrosoftEdgeCP.exe
3152	MicrosoftEdgeCP.exe
4348	MicrosoftEdge.exe
3544	MicrosoftEdgeCP.exe
3544	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 5072	3152	MicrosoftEdgeCP.exe	77
PID 3152 wrote to memory of 5072	3152	MicrosoftEdgeCP.exe	77
PID 3152 wrote to memory of 5072	3152	MicrosoftEdgeCP.exe	77
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82
PID 3544 wrote to memory of 1040	3544	MicrosoftEdgeCP.exe	82

C:\Users\Admin\AppData\Local\Temp\Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Ninja Gaiden Master Collection (Ninja Gaiden Sigma 2) v1.0 Plus 14 Trainer.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4716

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2252

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3092

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1372

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3152

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:912

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4348

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4504

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3544

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MUDKVNDW\cropped-free-icon-bw_icon-template-psd-3-3-45x45[1].png

Filesize
3KB

MD5
1b8534f82cff92756805dab37817dbd6

SHA1
6cb40895e7ef9108566acac53bc0db7367cafbf1

SHA256
24534faa3fce37f3dd31d07b10bf19b11f8a3d41d9631426bc172ad1808e1164

SHA512
83d2234fd1b4c64ad4cceead4309ba7e510695e6cdcc34c03e2d569aecbebbdddac85ff9ec948b7a65ce04467adb80ff13abee886e12f7aea9fd0b395242d80c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
bbbba0579b49c8ce1a9b8660b0c81558

SHA1
2cb98915433c3e97e8e79aab79d8543aead35be2

SHA256
edcab60657be08ee159784eadad7fb8040f0201c526293b3cf8c9920848b7b0e

SHA512
e21d59797020f8dec05c1df812daefab51f2510af278444d5dc800ea4bbb194fb7672ff52af334ffd2e4b3287cd3acfa976d2cd9e731138d63ac238fa44e115d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF9FC037FED20B5225.TMP

Filesize
16KB

MD5
b0000853ca771cdc9849ca5d10052f99

SHA1
185430aa6fc1c59087172579ce356462f9fc03cf

SHA256
97be5bf605654959d40d0cf922dd1c07f952e36775c705027169561c9c30547b

SHA512
18362e23786fcb000ea54edd12f2dd461dc86e8596cba016811afa16f19b78e45a9324eee5424994af9ea5f63ca8acfccebad92c35783d3acd88dfa429021880

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M0BJEU76\WeMod-Setup[1].exe

Filesize
114KB

MD5
09952e7eab2216ddc191643593967312

SHA1
81d592d103217e02911937b17432da7cfb1bb324

SHA256
e5973539e09594dc4b2d2205aa1276b03160a6157b97ec5b68252d10c3beacd0

SHA512
f35ea51917786df9e98246e7c52d2b3b14a3a6b3658a00bea6665ce264fcef58ea97082138b973f5ac4793923dd3e336444323984758f4f353e6fd8a1c2488e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
1bfe0a81db078ea084ff82fe545176fe

SHA1
50b116f578bd272922fa8eae94f7b02fd3b88384

SHA256
5ba8817f13eee00e75158bad93076ab474a068c6b52686579e0f728fda68499f

SHA512
37c582f3f09f8d80529608c09041295d1644bcc9de6fb8c4669b05339b0dd870f9525abc5eed53ad06a94b51441275504bc943c336c5beb63b53460ba836ca8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
a2cf4083366422400557ae7042c7a105

SHA1
2d2e6bc4fa49d088d92e748f050ab70398cfa62a

SHA256
6e15abceea50bc8d66849bd97be1198369ad18717e8842262723f09b96c5fecf

SHA512
e2722a69258f45c9479bc37d893e77269b1e28334edec3d5f69d56cc8418e2794b76c06581526b18ca488af6ea876c31a011457e0ce139afd099539de4fee5f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
c78ab93100936bc5c3eea34c8d25f1c1

SHA1
f517251c28851944c5d024bcff85dcf28ce4d624

SHA256
5ff527a297b8f41b2ac6edc46ffca40358b96efb861021c4e2512e7e3f1d720f

SHA512
e4c3cdd33e9000cfd5052cbcd6fd3f25eaa057faa472ae98651f24bae04c41b755302e5e7864597917e92e3109922e5f6c39cf8f6232145c0e244d0262493516

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
2cb0f88521b8e3acc6042f7f19d2ffea

SHA1
bce684f6daa37c356d2963a550ed80c7625b7833

SHA256
9f06b6528f1b5adbdd484c93a93adb7f2ccf3ca06a5e42f0a133bc2609fe4b1f

SHA512
129d48116b375b304e25fc7af060e34bdd932bdb1e73caf48e85a7f0fce362fee7c4d0785e14a0a848ccbae423053feb1e68d6fabb9f19c0863baf255b7c73dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

Filesize
8KB

MD5
ae5db0a7c48e7007db4d4150016ba003

SHA1
e35b9e36efb1edbd5ed04bb56af00d437c755ccc

SHA256
cb5c7c218cf71477ae7f2586d7bedd8be90018ec0c4a8d194e7de5e951fffb70

SHA512
9c4feddbd8a3ff57db8b7723713601704eb7f4ac28c1a39da6e1343e620933c30390513ceae7a0f747bf5d7eadfeb18891f3e92fa5f311d83c786b8fc7237a19

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

Filesize
2.0MB

MD5
e11798a966dab2e6f724db2997aada7a

SHA1
4549205734dc477428dce43902252d755f04dfc3

SHA256
990109467a677838f3f1c137e5237942236f079af6ddbc501ed8976a32d42e8f

SHA512
18006034b27bea1057b6d048f843874a60d9b4cb1a61eee40e961f259752b59ac0a85a8f3b8ed92bc6f26d6b0f113b60a6c1c3babc88f6fdca75c153cf418956

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

Filesize
16KB

MD5
47d63c061bd4ba2f88b1edfdc6abf0c0

SHA1
db8ad19a632b48e8149887e0e53b091ecffb2b2b

SHA256
2117b7d8d0eb74297c02d899320a483d6a819110ebeb81e64e38db96600fa437

SHA512
995b6d60d29167a7ac1af30383c96f4ecb4917a8cacedaa10750f78534fd04f5640fc9327b7b3f80afe4826f75990f7e9cfd3876c2d0e02f975c714a35e7d46b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{7C4629D3-ED9A-4310-BC61-A56068DDFEF7}.dat

Filesize
5KB

MD5
e877e127de2891b0a5021a7ecd02a393

SHA1
4d73e9d02cda4296f81a03723fdb4c39efedc24e

SHA256
3ea8ccb764d75349b0f88b021b6d3b5d31a38d145b2b61a1386eea6e7dce5dc1

SHA512
75534d22841c801573a8b26fb08b9fb5d0df1301e57fb41ec94ea6867e586bb575689b148a888b7480678e1f53dcdf1b4275aa40cee49b26e2756704e3cf0bf5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{F6939E34-46F6-4E5E-ACC9-59AFA2C38282}.dat

Filesize
4KB

MD5
790064363606643cc550631834e2bbf8

SHA1
956cdfa2d0a686264479f18acc58edcbe2e777b8

SHA256
09a629cd3f2d54c9f38b530d430375041c65a2d28346d8a9645cf2dc008fe4ac

SHA512
e90d04cb1251f8bced7a7edca89004a68eb82416c71baa2d7ee7a9ae61e82a13c2db35ac9425c969bae48e4a471ca074e52b8ffcc5f5fe1daf41ef21b103e0b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{FF536903-4685-44A9-8045-578229538D7F}.dat

Filesize
3KB

MD5
d90bc6c2858523f6ca5067ddb102fd09

SHA1
8df2460be804913da3343fc221746807ca5b5d01

SHA256
ffbd1f15952bb5af4b3daf5774fc95d3332a2e4608de34f7e736bf2c4db4c99f

SHA512
ad76df6020bd6dbb6f98c8c638c4c4cfbc635976b78d05608d5443c824cb9ab8a5d3e9d3a8d206f6712093edd48184a3d922e87ccfd2b08d25b0dae0fd547595

Download Submit
memory/912-107-0x000002AF59D00000-0x000002AF59E00000-memory.dmp

Filesize
1024KB

Download
memory/2316-73-0x000002174EB40000-0x000002174EC40000-memory.dmp

Filesize
1024KB

Download
memory/2316-74-0x000002174EB40000-0x000002174EC40000-memory.dmp

Filesize
1024KB

Download
memory/3092-30-0x00000260A0320000-0x00000260A0330000-memory.dmp

Filesize
64KB

Download
memory/3092-123-0x000002609D7C0000-0x000002609D7C1000-memory.dmp

Filesize
4KB

Download
memory/3092-65-0x000002609D7D0000-0x000002609D7D2000-memory.dmp

Filesize
8KB

Download
memory/3092-46-0x00000260A0420000-0x00000260A0430000-memory.dmp

Filesize
64KB

Download
memory/3092-116-0x00000260A46F0000-0x00000260A46F2000-memory.dmp

Filesize
8KB

Download
memory/3092-119-0x000002609F4E0000-0x000002609F4E1000-memory.dmp

Filesize
4KB

Download
memory/4716-28-0x00007FF8FD800000-0x00007FF8FE1EC000-memory.dmp

Filesize
9.9MB

Download
memory/4716-24-0x00007FF8FD803000-0x00007FF8FD804000-memory.dmp

Filesize
4KB

Download
memory/4716-1-0x0000028418B00000-0x0000028418B3E000-memory.dmp

Filesize
248KB

Download
memory/4716-2-0x00007FF8FD800000-0x00007FF8FE1EC000-memory.dmp

Filesize
9.9MB

Download
memory/4716-5-0x00007FF8FD800000-0x00007FF8FE1EC000-memory.dmp

Filesize
9.9MB

Download
memory/4716-29-0x00007FF8FD800000-0x00007FF8FE1EC000-memory.dmp

Filesize
9.9MB

Download
memory/4716-0-0x00007FF8FD803000-0x00007FF8FD804000-memory.dmp

Filesize
4KB

Download
memory/4716-27-0x00007FF8FD800000-0x00007FF8FE1EC000-memory.dmp

Filesize
9.9MB

Download
memory/4716-26-0x00007FF8FD800000-0x00007FF8FE1EC000-memory.dmp

Filesize
9.9MB

Download
memory/4716-25-0x00007FF8FD800000-0x00007FF8FE1EC000-memory.dmp

Filesize
9.9MB

Download
memory/4716-6-0x00007FF8FD800000-0x00007FF8FE1EC000-memory.dmp

Filesize
9.9MB

Download
memory/5072-93-0x000001A3ABBA0000-0x000001A3ABBA2000-memory.dmp

Filesize
8KB

Download
memory/5072-88-0x000001A39BA00000-0x000001A39BB00000-memory.dmp

Filesize
1024KB

Download
memory/5072-90-0x000001A3ABB70000-0x000001A3ABB72000-memory.dmp

Filesize
8KB

Download
memory/5072-95-0x000001A3ABBC0000-0x000001A3ABBC2000-memory.dmp

Filesize
8KB

Download