hxxps://drive[.]google[.]com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view

Analysis

max time kernel
42s
max time network
44s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-07-2024 13:22

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
2	drive.google.com
3	drive.google.com

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d098098c83e2da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = d0826da283e2da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "1280"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 4974e29383e2da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fdf66fa283e2da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{6A96B36B-FF49-44F1-B2B0-99208EE134B1} = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
3132	MicrosoftEdgeCP.exe
3132	MicrosoftEdgeCP.exe
3132	MicrosoftEdgeCP.exe
3132	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4920	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4920	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4920	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4920	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4864	MicrosoftEdge.exe
Token: SeDebugPrivilege	4864	MicrosoftEdge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4864	MicrosoftEdge.exe
3132	MicrosoftEdgeCP.exe
4920	MicrosoftEdgeCP.exe
3132	MicrosoftEdgeCP.exe
6072	LogonUI.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3132 wrote to memory of 1292	3132	MicrosoftEdgeCP.exe	78
PID 3132 wrote to memory of 1292	3132	MicrosoftEdgeCP.exe	78
PID 3132 wrote to memory of 1292	3132	MicrosoftEdgeCP.exe	78
PID 3132 wrote to memory of 1292	3132	MicrosoftEdgeCP.exe	78
PID 3132 wrote to memory of 1292	3132	MicrosoftEdgeCP.exe	78
PID 3132 wrote to memory of 1292	3132	MicrosoftEdgeCP.exe	78
PID 3132 wrote to memory of 1292	3132	MicrosoftEdgeCP.exe	78
PID 3132 wrote to memory of 1292	3132	MicrosoftEdgeCP.exe	78

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/1fwJdsnnK8CE52uB6ttf5BOyA6_zlBL57/view"
1⤵
PID:4524

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4864

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3012

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4920

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5784

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a80855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:6072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\75EX6ENP\cb=gapi[1].js

Filesize
122KB

MD5
7d41ce8af12a1020f76d0d4620a30b79

SHA1
913cdcd6daf53cecb2639d9a451c4f1f88071d9e

SHA256
2b4ae5731b6361fef2a0b2ea0d005ca674d5cfa837628dc8acf4140b2c8b3843

SHA512
f42cd6041d26407cb75ab57788a71aab626d3a94c50a2a4a04dcb6c89fb728695c44054c0dd79e3c2824bfa9188d6ca8e7a3cb71e6eef7f645f93839147ae0f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\75EX6ENP\m=MpJwZc,UUJqVe,sy6,s39S4,syn,pw70Gc[1].js

Filesize
6KB

MD5
fafef991b71fbcebc0b6f7e2bd31c913

SHA1
0077d0c5f292a67b9e8ef0d1ccd7303186f9624e

SHA256
d084db6c76fa1c60e8e98d6abba64a4132eaf56cb35fb668e4a49c97a5ee7d84

SHA512
a27e890a9a70d1332ff9c5197f49617ab3866cb5219886758bb96c47a164495b915d6626c08ce4cb07e761b6521c84ef53a30bc83410f775341605ba31673a7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\75EX6ENP\m=bm51tf[1].js

Filesize
1KB

MD5
1c3cc58d1238dbf021aa956365718fda

SHA1
4987b3754cb52820805b47118906fff2daae9a07

SHA256
9336d140abddeb7ac56d286e3f3ec08705e32d32cfd7954c30692d0de804ca3a

SHA512
d0fa1ea3519b25f9a496dbc815a9ba16ef0e145372d2e820596c57155bd8038dc8cc2db0897a29867c8e4067781991865e5146622f889ffe731e0a830c13f1eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\75EX6ENP\rs=AA2YrTtu68wU8rQSEu1zLoTY_BOBQXibAg[1].css

Filesize
3KB

MD5
48f5c818894433670d96c3583ee2aa3b

SHA1
49be98e9c4dadcfcdbec38084c07c81ecef7469a

SHA256
0044ba73ab1aca417121434dc303867366beead312f0bbe2a1a18d9c397e12b2

SHA512
18d2d44dbfd07292d4b0eb6a08dc4ab22e6b8efdc4dd17dc30c683c0913eac27e0db7afacdf50e545522fb2ad1468f06af96f3ce8ad09872711032adac038b37

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\75EX6ENP\rs=AA2YrTtz52bnQKD0_FuEioBge0VOKV8DNw[1].js

Filesize
227KB

MD5
780c670aa2efdc14e9e98bc130d4f7b6

SHA1
672d29a5d24e110713e075eb465a178005e361bb

SHA256
f1b89f7c47403558459fe7a8e1123cacd63863691c90654981a3ce27a6219c54

SHA512
29131bd3b780e0cd9b1aad7738c496823a154d31f4c7b1ad5bf468f203bf98c4382a0f37c1dc9e8ee3ef764d0568f173a06748ba90176657769b079c2d8cc4ef

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\901MWWMO\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\901MWWMO\KFOlCnqEu92Fr1MmWUlfBBc4[1].woff2

Filesize
15KB

MD5
037d830416495def72b7881024c14b7b

SHA1
619389190b3cafafb5db94113990350acc8a0278

SHA256
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97

SHA512
c8d2808945a9bf2e6ad36c7749313467ff390f195448c326c4d4d7a4a635a11e2ddf4d0779be2db274f1d1d9d022b1f837294f1e12c9f87e3eac8a95cfd8872f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\901MWWMO\cb=gapi[1].js

Filesize
206KB

MD5
01aca6d674132913ecbc9db2b2d9ad03

SHA1
c9fb646739e2ed2e18869867e3fcdd9364ff046f

SHA256
f41d574aeffffe2094c610397398b37da40813e31cded45f92037c49295f4d15

SHA512
c96ab1a80f2db279ea53f8bedbd1b2feb17c3ac7ff29181235883d78b065fca21c59c832b04bb6c50fc6cd56287f5fb7977a1d9a2dfb5c7ac45443d86f56bbd0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\901MWWMO\m=Wt6vjf,hhhU8,FCpbqb,WhJNk[1].js

Filesize
3KB

MD5
8177ed7559a049dc4833c130b10ce15e

SHA1
838c68c303c0282e5d9ea6fc0a21f44fc52a5446

SHA256
b662417f6cecb860d564b75c40c2026a9cba40c096109d56db480df3e6d5518e

SHA512
6fb7cc73438cd5b43720245a5763f84065295e599b6c9f9bcb8ce0a8045cf388e67cd3cfcb8f6243e4479965178bb84f39c1c30b9c80712f1288478a554b5cda

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\901MWWMO\m=_b,_tp[1].js

Filesize
186KB

MD5
a387bfe4373f8bafb7c3e1f7a32c10c2

SHA1
c1c2f8fa561b4c918d18e7f8e1fc0c5c461e09b7

SHA256
88fe11722dd06573277dc7b0e522f379fee49cc15ae17081dc214b24c96caa02

SHA512
07a3129dfdcac73103e03588750fb220a8f34198455b8d64889919fc4cb16e1c0c6cc78b06eaaff6c580ce513b16861017432e73c777c16973fb04bbbc3f8869

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZJEAVZ9\JULAVDAR.js

Filesize
260KB

MD5
e50541c540d008740255d474f8dd4cd6

SHA1
c5d8c0a9c82178fbfdaad0c6054237843711046e

SHA256
3819295ac380707e99189875f92f85824f65d2545ab23721ff8f23a1189cc27e

SHA512
d6f88b50e2eb0e1947112e814e0ea2e6ce0903510ea1afb42ef80240b6a4d9b44d234b82e04795aab84624c2b4f2058bb60cff75360d3988e0441c3a74ed45f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZJEAVZ9\KFOkCnqEu92Fr1Mu51xIIzI[1].woff2

Filesize
16KB

MD5
d8bcbe724fd6f4ba44d0ee6a2675890f

SHA1
d276fd769bcb675f8efe42ebe3003c1d3255f985

SHA256
aa4650a411dfe1c9beb794ffaf08c7909cdfbb05672d79b3a9976672cbba75ec

SHA512
23f757ea3afe6febe1e8ea935f0ee8690e1b1b1da511788b529cc2fc38f7e454153cdba6f84a6a0e19b294e5311625a03617cf98aac150f17b88a53f3ed8b72a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZJEAVZ9\KFOlCnqEu92Fr1MmSU5fBBc4[1].woff2

Filesize
15KB

MD5
55536c8e9e9a532651e3cf374f290ea3

SHA1
ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2

SHA256
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf

SHA512
1346654c8293a2f38dd425ad44a2aa0ed2feab224388ab4e38fb99082769bbd14d67d74cac3ce6e39a562a0812f9bce0a623be233f9632dcb8d5d358e42f2186

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZJEAVZ9\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZJEAVZ9\css2[1].css

Filesize
609B

MD5
c9416551b401e8ddc4cd642b1348d60c

SHA1
75d238de4bcef07ec6afd81fa38a91a3a55adc2a

SHA256
cb7b5b067f94b97f8e98d0c0d0e2ef2add7725527ad7ea726ff7d6702f1eff9a

SHA512
b7b3054284b982026adc743f27da8d89050546049471cba9e380086a56dc01749041e237b932e187b566445bdc380ef3938c4f7932e33a6005344f7ccb14d5c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4FQUVMS\css[1].css

Filesize
800B

MD5
567b2a9c2ff51e07119f91ab83539d8c

SHA1
c9bb920b539877ba8dd54b72461b5ce74e98aad8

SHA256
155036a4145981ebfcb13621ed3579dce388b21a9b24d35b398cde98ddef0bee

SHA512
d4253d572168cb7260da40174ae184a49bef79828de91397ed0c2cc9702872a512cfbc8c3a038e8b0a0e8766fd83cd94196156f4b823cf211c1719892ec22e8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4FQUVMS\lazy.min[1].js

Filesize
118KB

MD5
e5fac0d6ffcaadd75020efbe09518d4f

SHA1
53fa589e878139d9f88cdb009b7687cdb697ddc6

SHA256
054479d12c972e67b68e356ff809d63fafefee27e1c4bebee6be8b58736f2878

SHA512
32d486f4cc518ad8cff4dd603caae59a82b6d5dce0e4b9ba095392f7d8e84e53f7b368c3063dcb476fda3c8d97d9a3eed4ebcdc0d6220ead760d37ef324f52be

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4FQUVMS\m=RqjULd[1].js

Filesize
18KB

MD5
e95653e4fbc897499096fb0d822740e7

SHA1
851b7c1a447e1c0b20fb151744118c20109a1a5e

SHA256
6e907a0bdaa5a79461b71a7196261826f886dc179c39937f47da69b78479d396

SHA512
831095b46f1de2f05f7efc904fb7406a973b2094c24a3060481d0f00c97a3ede2b69d8b6ee9c05c49aec1e0de2b9ce5f73f31e5028abfb6b34c525c90b9a25bf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4FQUVMS\m=v,wb[1].js

Filesize
1.8MB

MD5
76e1552dae5474a4640ecac9f64db740

SHA1
fde346c7de1ff7e3b13dd641cbd00ffd62387eef

SHA256
2ef26c1f1090ff29c78807cfc696598a9731f7c8a9caacfa6fbbf75987b9e7e4

SHA512
abc306d89df1b33e093755592fccf98912e1d694d034200cb84fbba4f7f15251c0153502baae59950cdcec11daae465b759f184b6cd3b5155418dd5a628c4809

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4FQUVMS\rs=AO0039tZmqueSQoJzpO2J3QiTrdMbK7hcQ[1].css

Filesize
2.3MB

MD5
cb7e0e17413bb2b32ad95ac37db03504

SHA1
561fee87ca7be9e2235f59b8c54972d7236092b3

SHA256
1ebf9dc59b3a486aa2918be8467febfb227902f300b9a49a5be3ac734a7fe493

SHA512
4d91d06e8ea819a5106434332f02ae65adf23475f6cf0fbb54d017216e4622e55115118a63cf3986ff81292f9c35fb5c08f055dc69e41e0d8df2b28c19285397

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\W7KJ4SZ8\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF6F25E97F119F6E9B.TMP

Filesize
16KB

MD5
1f2cf9b4c65b9405b419a1454228d86b

SHA1
373e22ca8c9b492e1dca750d9a5fee8c15e0a2b9

SHA256
bd87e3b4217cd70a725c8951b2e49e079e522804b8f28bd31307886083b353fb

SHA512
524b3e80fb04cfe7c8660fa4b43423f035635333fec291a7f4e4e3f6490a5f15903a773202e553c2715e6fd5779cf1e63f422288741075b5fdeacb384f696106

Download Submit
memory/1292-198-0x000001C71AD00000-0x000001C71AE00000-memory.dmp

Filesize
1024KB

Download
memory/1292-317-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-83-0x000001C716760000-0x000001C716780000-memory.dmp

Filesize
128KB

Download
memory/1292-340-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-341-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-342-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-343-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-345-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-347-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-346-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-344-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-328-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-322-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-321-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-319-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-320-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-318-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-89-0x000001C7185A0000-0x000001C7185A2000-memory.dmp

Filesize
8KB

Download
memory/1292-316-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-315-0x000001C716340000-0x000001C716350000-memory.dmp

Filesize
64KB

Download
memory/1292-85-0x000001C718560000-0x000001C718562000-memory.dmp

Filesize
8KB

Download
memory/1292-129-0x000001C722680000-0x000001C7226A0000-memory.dmp

Filesize
128KB

Download
memory/1292-98-0x000001C719430000-0x000001C719450000-memory.dmp

Filesize
128KB

Download
memory/1292-103-0x000001C719670000-0x000001C719770000-memory.dmp

Filesize
1024KB

Download
memory/1292-107-0x000001C718AD0000-0x000001C718BD0000-memory.dmp

Filesize
1024KB

Download
memory/1292-87-0x000001C718580000-0x000001C718582000-memory.dmp

Filesize
8KB

Download
memory/4864-16-0x000001D301920000-0x000001D301930000-memory.dmp

Filesize
64KB

Download
memory/4864-333-0x000001D3080D0000-0x000001D3080D1000-memory.dmp

Filesize
4KB

Download
memory/4864-334-0x000001D3080E0000-0x000001D3080E1000-memory.dmp

Filesize
4KB

Download
memory/4864-35-0x000001D305B80000-0x000001D305B82000-memory.dmp

Filesize
8KB

Download
memory/4864-0-0x000001D301820000-0x000001D301830000-memory.dmp

Filesize
64KB

Download
memory/4920-42-0x0000025939B00000-0x0000025939C00000-memory.dmp

Filesize
1024KB

Download
memory/4920-44-0x0000025939B00000-0x0000025939C00000-memory.dmp

Filesize
1024KB

Download
memory/4920-43-0x0000025939B00000-0x0000025939C00000-memory.dmp

Filesize
1024KB

Download