5916e82e6c2481afbe68eaca27cddae6f8300129ac852ccd11934c48f7544973

Analysis

max time kernel
150s
max time network
163s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02/08/2024, 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MantiWPF/MantiWPF.exe
Size

8.2MB
MD5

b95d746231fcec5e02fbbc91df346fb6
SHA1

be142be50f93919b3e1ad0a0019df24514692b84
SHA256

4f01f1b0d5f22d1b555a2890f176b9ff9269481ff8d99610968843e393430337
SHA512

21146da77836345c79269fd56d0eb0ddc97c2bdcf0de5b85c43e63b3cee8de1aa60be6c3a75e8a4c228681e4bcb986fe2d4236d0280ab564958e1458944517fa
SSDEEP

196608:7UwGkc6K6n6EkD+AXRs5oF3qheHA6Ra4yUg:IwGkc3ikDFs5Y3qsJa4yJ

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	MantiWPF.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MantiWPF.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "10"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "134"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "134"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "124"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "429379721"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f6d543edf5e4da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 8b2b04e0f5e4da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c8d1f2d6f5e4da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "10"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1852	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1852	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1852	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1852	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
192	MicrosoftEdge.exe
5088	MicrosoftEdgeCP.exe
1852	MicrosoftEdgeCP.exe
5088	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 1420	5088	MicrosoftEdgeCP.exe	77
PID 5088 wrote to memory of 1420	5088	MicrosoftEdgeCP.exe	77
PID 5088 wrote to memory of 1420	5088	MicrosoftEdgeCP.exe	77
PID 5088 wrote to memory of 1420	5088	MicrosoftEdgeCP.exe	77
PID 5088 wrote to memory of 1420	5088	MicrosoftEdgeCP.exe	77
PID 5088 wrote to memory of 1420	5088	MicrosoftEdgeCP.exe	77
PID 5088 wrote to memory of 1420	5088	MicrosoftEdgeCP.exe	77
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78
PID 5088 wrote to memory of 3812	5088	MicrosoftEdgeCP.exe	78

C:\Users\Admin\AppData\Local\Temp\MantiWPF\MantiWPF.exe
"C:\Users\Admin\AppData\Local\Temp\MantiWPF\MantiWPF.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
PID:1280

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:192

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3812

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DN9E3E3E\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DN9E3E3E\dotnet.microsoft[1].xml

Filesize
84B

MD5
dad4017acb02d9aed861b9b47258aefd

SHA1
36041fba99593ebc925dfbf60277b1edd0adea32

SHA256
be96156b1e6f69d12706db872997551a389eccf03ced9c89d6f1442a01cbe3ca

SHA512
eea77049822def121415e25ef4aeda4031aa6769eda060a6ea66309b05c0cba8438b20e4bd686e7ed5fb4ca2e9ed2537403551a2c629b87ab8cb9434fe21695e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4J2O6FKV\favicon[1].ico

Filesize
161KB

MD5
8565042b6db20c23647202bf4b95f11b

SHA1
9f0829cb3ceef14ac10e0b66338d8b7243a09101

SHA256
dd7958526f6b8510fc2a9a675056d78e029e62015e8913dda574ff5797ddb969

SHA512
dbf692b7219a3ea993ab939442a843ffbc7bcfe63bc62117a14ed7e953ffce595393e9f950649aa609a7a9a94b56003ab84cb82edaf2db3e4551434204085b95

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\BBAOZ6VC\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\cahcre2\imagestore.dat

Filesize
43KB

MD5
030a7cc2872088f4f53c6d9786d77035

SHA1
ac1d4b9f223165cef2d070ce87ac1ba2e37dcde1

SHA256
f408888e4690a0c8415c9d52e9d048bf036fbb46532f0bc000d80d9d8b571d0d

SHA512
afa1632825063a85d104417714cefd32913d93c87ab7f4d2438315c3b260899c39247a1c09519bd453009d010d87fc22eb6bc40ccdf4228da50eb5bcf93270f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\894UG3H6\cda-tracker.min[1].js

Filesize
797B

MD5
4224409739020ba30e3752c0d1f273d0

SHA1
54980ee9df0ef712048572c80dc8d70710178538

SHA256
a840f2b9595bf4deab839d5eb1ce4b8f7c93576db27a62e7428920825b151f5a

SHA512
1cbf209bfbf939713608be74eb2aaa788d250dacc40349ef10ee50074c62c47d1c0b2ad2d4a88d23a9b81e2059843e2add2f867ea98daef3d7f19b7643765c4b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\894UG3H6\footer.min[1].js

Filesize
376B

MD5
33eb53d99fb8b6b0fc16b035559b20d5

SHA1
db024d172c6623da9c65ace778c802bd46a4f043

SHA256
0aa837fa8bbdc8d87bda9c64ca64732fdf87d85e2f8768b2220e1e03ab48df42

SHA512
6575c35d99efb1671b1083165e10a04ce93bd715cb1165af5964d9051dff1c5ec0e86b51487ee51eac4e62807182de5677467475f3588dbfefbab42f1e79e51b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\894UG3H6\general.min[1].js

Filesize
169KB

MD5
49b237e0e1b4d7f8e79eef67df8fc31b

SHA1
e84b25d606a998921900c18808ac1c1a727a0640

SHA256
c935dcc9f529f434237f4b507263236cd1fe9ee650735946a55a7f0c4f366018

SHA512
0c22d53148b3ca147f69e47ad156e906b7a7d5cbea402b3c77a37f42c5abdc060add4c6b6c56066893aa6b67af461b9aca1d43ed7f1243acf28df225a7d7b343

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\894UG3H6\open-sans-v34-latin-600[1].woff2

Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\894UG3H6\theme-toggle.min[1].js

Filesize
3KB

MD5
5eb247cbcbf666e2517e5f1256b52b5c

SHA1
d74454d4cba8f1c1aa8270ab092111ec63e69594

SHA256
e02f294b19ef5b7a0421ab25a055738f6f4baabaffb3030132ff08121a338459

SHA512
b3f7889850da89185ff6e48675d0e52f3550561c2b4ec6502a67fc06451846a51e47f4d16ae15f351998cf2592292c1f4fb455dcc9756a3b19a79e281afa24f4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5OP8RK2\ca-ae3ce4[1].css

Filesize
167KB

MD5
b7af9fb8eb3f12d3baa37641537bedc2

SHA1
a3fbb622fd4d19cdb371f0b71146dd9f2605d8a4

SHA256
928acfba36ccd911340d2753db52423f0c7f6feaa72824e2a1ef6f5667ed4a71

SHA512
1023c4d81f68c73e247850f17bf048615ddabb69acf2429644bdaf8dc2a95930f7a29ceae6fbd985e1162897483a860c8248557cda2f1f3d3ff0589158625a49

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5OP8RK2\culture-selector.min[1].js

Filesize
1KB

MD5
a7d39d299ede945b34ebb570580d6686

SHA1
a1d32e04c5a0d72978dbb6ae531ceb9ef319e225

SHA256
e84d57bf859a256815362f36a4ff7f5ee6ba1dcfd02d8ac02673353fdd0a0ff1

SHA512
c6a619dcd8b7e07d5491c9963a89f4fcc9d48e3fb14dbac57f0470988b48eb378224966b094c3cdbff4689674c49d6fd51fd0ec6c031d6902f8f2bc9154d4355

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5OP8RK2\dotnet-framework-runtime[1].svg

Filesize
42KB

MD5
5aaa8c37cd59979b920cd21c4a50a38d

SHA1
0ee61e3b2d58513b92cf4c6b5114c1beb55539e7

SHA256
db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6

SHA512
0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5OP8RK2\ms.analytics-web-4.min[1].js

Filesize
153KB

MD5
8c0374ae846cf06e4448a785fda96d93

SHA1
1e668e9c6264e7cd07f32d1884dab3a699527287

SHA256
ecb0bf38c5c4e4e1d00ee2131e694c2a62b5be0e8d398129be1799b831ce6137

SHA512
3815a689ddec2c25a6ccf6f9bf114fd773fc07d9a89e7cbf29db94cd4fe02c0f4298a1628181feb5e9510ac7afdf11f21e6f620b5b5a82a2233209f962320da6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5OP8RK2\space-grotesk-v12-latin-700[1].woff2

Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5OP8RK2\wcp-consent[1].js

Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HCO574KV\2b-8e0ae6[1].js

Filesize
134KB

MD5
b9c3e4320db870036919f1ee117bda6e

SHA1
29b5a9066b5b1f1fe5afe7ee986e80a49e86606a

SHA256
a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48

SHA512
a878b55e8c65d880cdf14850baee1f82254c797c3284485498368f9128e42dca46f54d9d92750eeeb547c42cab9a9823aa9afab7d881090ebbfa1135cdd410b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HCO574KV\ai.2.min[1].js

Filesize
120KB

MD5
30f39ae5d1d05a439046a7640510b486

SHA1
716efa29594edae8832bb8b12e7fb19bc06e06fe

SHA256
bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136

SHA512
f67fdafca801746226acb9d2ef6d90070dd1d8a5a08bcb5dd1c94631f1559373c56d9796a5633cac03e1a5a384cf01d60c080a6ef16cea4b52aaa93ed364b55a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HCO574KV\analytics.min[1].js

Filesize
2KB

MD5
38b34dd10999b35d3ea49d72d442d61b

SHA1
9f448f4af683e7359906f603bb2cbba37148d721

SHA256
b8129c1b9a7b8a1467493c917ed1d007f7297a58a4ebc09ac73d958e28969ad1

SHA512
cd30aeec91fb944644236665b19aa5e34371b75e76a310bfcab80e2e0528a0363f15865f54e26b4f58f8c3e313f716adbce6b720e50b332c227f994fdd973e5f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HCO574KV\bootstrap-custom.min[1].css

Filesize
232KB

MD5
68455c141226e4fe7137573fc038bf9d

SHA1
afa6d311a7b3e0c93a14c6f92d85fd6984a78b17

SHA256
d51b5112a562cc707e889ce669a0e5be8d84fd47d314dc669584b615219249ae

SHA512
24b2efb25a3e7007d9594800923d6e9aa3843c5ecc44412a7ac7551859995b271596539f71485ceef05ca442c7e8b1bf6f770aa960d524ecba1a12489d452138

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HCO574KV\cookie-consent.min[1].js

Filesize
2KB

MD5
e8461b5f6a92c484b9b77ae2e5f0cd06

SHA1
0aa93613cb84f76a7a8038566ae39d4ff7e03288

SHA256
6f511e4c5d44853453d6840704ba07a04e06d47011f74920d76b6c580fe6123e

SHA512
9fd5584edba7db6c3e6ffddba32164ef689c873263e980f6de40d1f8dfa9b081b29080425e03156ccf13da3aa90240155408b63a8442a5365139dcae8803a467

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HCO574KV\open-sans-v34-latin-regular[1].woff2

Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XHEQ4MU9\RE1Mu3b[1].png

Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XHEQ4MU9\gpc-data-sharing.min[1].js

Filesize
217B

MD5
0554032e1c38be8a9d0a4a5c6973ce43

SHA1
20c98add41d2cef29274560bb357884c40a72523

SHA256
cc8c32e30e08c43092c6ad4317b18c2d0a8f425bcc9de7bb5965384f9fc3f16e

SHA512
fa13e128442c5aac2f2c1e142f66376dfd3daa6c015e040ac64a7dcbf11d911844fe53dcfdaddcb621e2b9df6f9f4fbbd197d604da25ab01a4cf5a1eb73df024

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XHEQ4MU9\main.min[1].js

Filesize
36KB

MD5
99e112166fce2620aaa9cfa8d175a306

SHA1
5854df9bfbfdc035535ccf4774fabe04e56ef45b

SHA256
18c1c45e4ac4d0c02a1510be7de55ec533ee139225f7dbb279cc3035a9a99264

SHA512
95669ae20406f5f30a4b3ca3ee860d473bb2afa337e1c304db3a342e1c82d2513145c65d3f9cadcbf69ec2d508455817469726279502e5b91a9f8756a06c6ec9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XHEQ4MU9\mwfmdl2-v3.54[1].woff

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XHEQ4MU9\open-sans-v34-latin-700[1].woff2

Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C389FD106AACA95B265CC81A85B3522B_B01925B2B46F5058A43DABB371773EE2

Filesize
1KB

MD5
3e9cb5b84305ffc5add7843fe696bb8c

SHA1
eab55c96613e9349310f8e38241a2ad3edbf5069

SHA256
f30c50e73831a38916d635d763455696b9150b12a363e9e314f9ebd77a4a8233

SHA512
8020f4ee019ba3e42d85bcb044b838062785e6d090e97b27c96acd51236e8c81e01eb598cf9bb57f41f39362eeb6ca8d926bc3fd171bdaff661212ff0a60a8a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
43f454dc746725aec4baacba5d698970

SHA1
dadd52c65cb666610ceccbb753f1fe57d10c03f8

SHA256
0288b990033c4baba3ea83e06bd2a12cda0ce903daa6e24f66e5ef2678591757

SHA512
5e2755b1481b9ba84f7d0942ddfa3717dc19a75cde435779cc98da458d09b1e2d4c836e0c2d6ccfa62ea779cb2cedcc2700c29e8ee7e6a0b0d6243e830385f14

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
7b576dbb11f4ac62c38daf80c941585b

SHA1
1fe2a373726a715e28bfc1a93bdd04d67ff2e465

SHA256
0567f23da32d90da704a17e9cf11a226a82b46133ab787dd5dc065b52cf6d2ba

SHA512
8f5607696272a059220f76ed2f1045c2b8cdf4d307923bafc4f82cac31f9835c09706df4ea6ba9c903d0ad8c1f7fb429f4716cc7f6e12752671e9bdbe8fc226d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
af247e98aea5bb24f2642fcaeb8bf205

SHA1
b29811809a26dbbd33c5a5d4e6e97b693bee095b

SHA256
4594d842b5eb72f1ad08154fef1fbea5a3bdc312fc83155683a4467189c96530

SHA512
b9e4fd9a028ac89eae4e6f390807ab6e4fd28a690e48f6e8526e49f0d7004eaa6169350c0911971aa42eb63d2b0c9fa3986e732bc1fb32d427ae58e7ffa676da

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C389FD106AACA95B265CC81A85B3522B_B01925B2B46F5058A43DABB371773EE2

Filesize
564B

MD5
3beb7ffc02645e1b50a973af37dbc39e

SHA1
85e6beccb2e7d1580a2cbd374b9a206de14997d7

SHA256
098f110be6ebd4f7f655b4268b64d0ac559ea4773db888a4f259dbd3831d7385

SHA512
2d7f87557ce0bb93e713f21c8ca039e609529ae9273c628119e5adb7fa1d50a29cd645ca8613ad2de3f482a5e1c70e73a5b09a47892849f86a86568cdae1efc2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
f7f2f277ce39d85ee573ffe318c30d31

SHA1
34f08eb439b1ebe35f53f9bda3a89d767f5c7304

SHA256
49d0c6e7393003f05c1aaa132e8a5d799388f2cf0642ba70a455cc71c92053c9

SHA512
079cf5893dbe5bb0ed030aae1c8dbe44fe61d4772b3e6a55d6beed809f71a80107077a88cf9e7e4357258019e6400c4ed2146fc2501d60b6ee64cc71cf89788c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
838691cf305facf09eb4a8f89af1756f

SHA1
f62516aa2daeb246f5b3cafcf8e091678b89f6c7

SHA256
95adea7879f0b620c70744580e2111c1be98e49ad8a527e4a576544a584f6ce9

SHA512
11b745632ec0c0c2cd75e33b247a62d48d9311cb68d591017d0ddb687491921a003cd84391c54ec5432b71aef6cbd732ca1ee4192131798006e90490425be81b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
4c9d1c943997aeae0bc9504b2d174a1f

SHA1
dda353edc8f3cfe7ff9c876c80bca5403b629cfd

SHA256
5895698d3068013f05e76ba07480243c0add5faf52ed4a9d036d18cd33af5d2f

SHA512
98e0846f183c58b002fee950e8c9cadc609f0fcdb9156c1c7486db54d299b12522e5323edf6625a1b3ea9fe15bb71b616e57ebd2ca5f9e373e042f478d4ee230

Download Submit
memory/192-16-0x00000239FFC20000-0x00000239FFC30000-memory.dmp

Filesize
64KB

Download
memory/192-328-0x0000023986370000-0x0000023986371000-memory.dmp

Filesize
4KB

Download
memory/192-329-0x0000023986380000-0x0000023986381000-memory.dmp

Filesize
4KB

Download
memory/192-35-0x00000239846C0000-0x00000239846C2000-memory.dmp

Filesize
8KB

Download
memory/192-0-0x00000239FFB20000-0x00000239FFB30000-memory.dmp

Filesize
64KB

Download
memory/1420-263-0x0000028C2C630000-0x0000028C2C650000-memory.dmp

Filesize
128KB

Download
memory/1420-224-0x0000028C2BEE0000-0x0000028C2BEE2000-memory.dmp

Filesize
8KB

Download
memory/1420-173-0x0000028C2B0E0000-0x0000028C2B1E0000-memory.dmp

Filesize
1024KB

Download
memory/1420-220-0x0000028C2BE90000-0x0000028C2BE92000-memory.dmp

Filesize
8KB

Download
memory/1420-228-0x0000028C2C1E0000-0x0000028C2C1E2000-memory.dmp

Filesize
8KB

Download
memory/1420-296-0x0000028C307E0000-0x0000028C308E0000-memory.dmp

Filesize
1024KB

Download
memory/1420-216-0x0000028C2B1F0000-0x0000028C2B1F2000-memory.dmp

Filesize
8KB

Download
memory/1420-218-0x0000028C2B210000-0x0000028C2B212000-memory.dmp

Filesize
8KB

Download
memory/1420-222-0x0000028C2BED0000-0x0000028C2BED2000-memory.dmp

Filesize
8KB

Download
memory/1420-226-0x0000028C2C1D0000-0x0000028C2C1D2000-memory.dmp

Filesize
8KB

Download
memory/1852-45-0x000002DD71400000-0x000002DD71500000-memory.dmp

Filesize
1024KB

Download
memory/3812-446-0x0000023AC1AC0000-0x0000023AC1BC0000-memory.dmp

Filesize
1024KB

Download
memory/3812-409-0x0000023AC0FF0000-0x0000023AC0FF2000-memory.dmp

Filesize
8KB

Download
memory/3812-473-0x0000023AC7440000-0x0000023AC7540000-memory.dmp

Filesize
1024KB

Download
memory/3812-498-0x0000023AC0E80000-0x0000023AC0EA0000-memory.dmp

Filesize
128KB

Download
memory/3812-496-0x0000023AC0E20000-0x0000023AC0E40000-memory.dmp

Filesize
128KB

Download
memory/3812-527-0x0000023AC6690000-0x0000023AC6790000-memory.dmp

Filesize
1024KB

Download
memory/3812-442-0x0000023AC1620000-0x0000023AC1622000-memory.dmp

Filesize
8KB

Download
memory/3812-362-0x0000023AAFCB0000-0x0000023AAFCB2000-memory.dmp

Filesize
8KB

Download
memory/3812-359-0x0000023AAFC80000-0x0000023AAFC82000-memory.dmp

Filesize
8KB

Download
memory/3812-365-0x0000023AAFCD0000-0x0000023AAFCD2000-memory.dmp

Filesize
8KB

Download
memory/3812-367-0x0000023AB0500000-0x0000023AB0600000-memory.dmp

Filesize
1024KB

Download