hxxps://download2339[.]mediafire[.]com/s7wz84q67jagLz1e-SoTTsvxb-whPzStMkiFdvMm-vbPetC59GD6ICf1x9TDdReEM-cvpMMdVdK8NJPm8Jrv0A1SIeKtdr2SQp_hRQTw2axEFvAncHVLw8-8bbor6oi0Uhuu1PuxluVPcNgK-ITWjDHyOVzOFWGvI-1etXiu9gO7cFc/jmxcdbcpk7ml8ts/RB_scri%27%2B%27pt_install_x64_x32bit[.]7z

max time kernel
599s
max time network
405s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
06-08-2024 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download2339.mediafire.com/s7wz84q67jagLz1e-SoTTsvxb-whPzStMkiFdvMm-vbPetC59GD6ICf1x9TDdReEM-cvpMMdVdK8NJPm8Jrv0A1SIeKtdr2SQp_hRQTw2axEFvAncHVLw8-8bbor6oi0Uhuu1PuxluVPcNgK-ITWjDHyOVzOFWGvI-1etXiu9gO7cFc/jmxcdbcpk7ml8ts/RB_scri%27%2B%27pt_install_x64_x32bit.7z

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "111"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "751"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "235"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a94bbc4c40e8da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mediafire.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "140"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
3280	MicrosoftEdgeCP.exe
3280	MicrosoftEdgeCP.exe
3280	MicrosoftEdgeCP.exe
3280	MicrosoftEdgeCP.exe
3280	MicrosoftEdgeCP.exe
3280	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	820	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	820	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	820	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	820	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3144	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3144	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1532	MicrosoftEdge.exe
3280	MicrosoftEdgeCP.exe
820	MicrosoftEdgeCP.exe
3280	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 3220	3280	MicrosoftEdgeCP.exe	76
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78
PID 3280 wrote to memory of 1036	3280	MicrosoftEdgeCP.exe	78

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://download2339.mediafire.com/s7wz84q67jagLz1e-SoTTsvxb-whPzStMkiFdvMm-vbPetC59GD6ICf1x9TDdReEM-cvpMMdVdK8NJPm8Jrv0A1SIeKtdr2SQp_hRQTw2axEFvAncHVLw8-8bbor6oi0Uhuu1PuxluVPcNgK-ITWjDHyOVzOFWGvI-1etXiu9gO7cFc/jmxcdbcpk7ml8ts/RB_scri%27%2B%27pt_install_x64_x32bit.7z"
1⤵
PID:600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3280

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:820

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3144

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q22KK50K\main[1].js

Filesize
7KB

MD5
42cf75f59669b51f7848f625bdc75ced

SHA1
bd064bf6d38fc61d00532c4972376e37ef79452f

SHA256
d1a51e6d37685ea07ec5a5a7d53028efe8eccd1733d80dbf82cbd7f88874a45b

SHA512
87377a38469adfcb7fffb42ae99b3585bd69e19e972acce15c1ee1b49e8d9b15a0800e721a8ee32687685dbda5ad096be9897713d36ec00056b1cebce6049405

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SGNSWTD2.cookie

Filesize
406B

MD5
70e47cc01a47c3333def95e8511dc6d2

SHA1
ad13c263bfb9f14d303b029f1390c5c3bb71a4cb

SHA256
d2d8aa9127acf3b178b237d289a428f4869007a02878b3ea63c1413a95dd1f33

SHA512
9851d4a02206acca104017d5a56c5a369a4a38a4b03851888cc366fec7490516657ec2a9e5e3e7648badbc324509b384d4277164ee0816f99b598dfd521c367f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\WW57R51X\www.mediafire[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\WW57R51X\www.mediafire[1].xml

Filesize
1KB

MD5
fdb0e17cea5e093440ce6a5d90a70d90

SHA1
4f57d36fab33073e8f65e185ef56203f43c73d1a

SHA256
51d68e9ae9fc6bd8e8cfa9fe625a4471deb2e8103c3dc70840c49dd3fda00899

SHA512
764dde2b5b6db8180b9df01642f7f8335e38ce1acf0208a9c7926fd79d7b882a3aed3da23d84963bd818eb08d6291938aa0afe4ada43566e3bca4733deeb8d14

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0BCD25EK\favicon[1].ico

Filesize
10KB

MD5
a301c91c118c9e041739ad0c85dfe8c5

SHA1
039962373b35960ef2bb5fbbe3856c0859306bf7

SHA256
cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

SHA512
3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SVVCNM9Y\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M6OX6DWV\js[1].js

Filesize
195KB

MD5
162473f28ad2eb01fa54d3df21cb33ca

SHA1
865832164ce4a84ed3e8d7cdbe68581bc0e434ca

SHA256
796156b53743720d9ee5c960345eb6b1a64f7f72fad534c038848af8ae08a9b4

SHA512
a627f4961c3f166a75fcdca94f9dbc0a8fa4dee3f899b1c0b94b1a7c7f46a4696946483d89c5b438d9babfe20f81b2a69ef465ced11efa5ece1750c6fc593447

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M6OX6DWV\m=el_main[1].js

Filesize
207KB

MD5
c4ba5903b728327f404aa7c04222d779

SHA1
2ec06aba566d8141994259e09a7872c93015472c

SHA256
0a82443eafb5dbfec3643ed313bd82dbd118da6e517b7e1cbe23283ec5f2960a

SHA512
e333a513e12aa43c2d70e312bbfa3b1c10f45fe7465063a5384a79008cdae8170e226627f8380edef28f64dc1ceeb11ee0161edfdd8458b4303d2fbda6960261

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M6OX6DWV\vcd15cbe7772f49c399c6a5babf22c1241717689176015[1].js

Filesize
19KB

MD5
ec18af6d41f6f278b6aed3bdabffa7bc

SHA1
62c9e2cab76b888829f3c5335e91c320b22329ae

SHA256
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

SHA512
669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q22KK50K\24px[1].svg

Filesize
6KB

MD5
2bd5c073a88b83ed74db88282a56ddfb

SHA1
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650

SHA256
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

SHA512
5c6c4a92e93fc0f6a675658cc84f6187fdebd3eee94efd07e24658736cba598f3bc7156b19834b13fb44c1d43fcb7df9fcca7f0a453037e30da76ba8f4b23b89

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q22KK50K\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q22KK50K\gtm[1].js

Filesize
264KB

MD5
e63cbb2fab8f86bd9de3b6c2e3a45752

SHA1
b05681eeb30cf3ed83356cc4c28f5ad638a9a8bf

SHA256
ab0dad226992686b2b3f2272026ca32272edecf2df3da5c4164f74c8b4a1f7d5

SHA512
c603095b6dc6c662696c6234cd2bb7c4f6e7dc2068d95a1a0ca232083f365c0128e6a59acbba5a21c417bce0cd8f0cf10b40d6243906055be7cff5926e7c158c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q22KK50K\js[1].js

Filesize
331KB

MD5
7c023023f5b1ee7c7dde67df843e1e60

SHA1
7a7371220b925d0d8895fc08e150dc05a4532d12

SHA256
569d7e70abb9e90ca67bd0c65a85eed4101fca3ddebf78c42c47b72c9d133ebf

SHA512
f591e66557cd9a30e588b455cb34824288e0b8c57b7b7465c0ec43f7b4b73a3394ab8ae442b8899cefed6a79f1712fc22e07232896cbc9acad86f415d58316e5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQ0KRP2U\translate_24dp[1].png

Filesize
1KB

MD5
c69c796362406f9e11c7f4bf5bb628da

SHA1
e489ce95ab56208090868882113d7416abf46775

SHA256
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

SHA512
d3ad560ed0fd29be7d2cc434694f09e5a6fbea8b29c0611aecb54a1b73b4d722c53f42a19dae9e3d5d358444e50fb8fffbc39d67ce751bdbc8c861f6f95d3162

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZH6LRILQ\amplitude-8.5.0-min.gz[1].js

Filesize
67KB

MD5
c43d9f000a09bd500ed8728606a09de3

SHA1
36ad6b0fa2c6bcd116fb642f25789fc2d08a68e6

SHA256
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4

SHA512
802af189282aff84b1262a54e59463bdb9b07ec6d1dbf20fa26712b3e19a2212f1a31f2a2d4dd620d7d1313ceff43dc4272f51a7a2407296bf6d57c11e38801b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZH6LRILQ\m=el_main_css[1].css

Filesize
19KB

MD5
ece37b7141d806ee65edeed7e1a7fa4d

SHA1
4df420e785778e5e4ea1d3708e83f9177ecaf3f7

SHA256
aedbcc46e00deb73efd45fd02fe1d4b5264d2cfbd7dcbcbf1e1411de34237ca6

SHA512
c96590c5048ad20337f16a956c94a53f6257743d0ff6658a35a524a0936833382e5614f4f386658193bb7efed727b72290da4903879dcf6b8e012a2c859932c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\WW57R51X\www.mediafire[1].xml

Filesize
1KB

MD5
f0373660e8e3fbc6eb43a36405f852fa

SHA1
670f213ab34cc18ba8a39651a6155a94290ad7c3

SHA256
9dd38757cbeef40ef0f5ecd37e14114db240d1c82fdee4b7b675097dc55bedbc

SHA512
4ca88d1a28625067f0dfd37c68dc65a88f1b835161a5a0b70d9bdb5d7933c5557f9eaf404dca892cdea00083e0bc66d2115f187d01f2bf9ee5e8e59456e60c34

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
9e7805a6b39bb529a72eca0662f05161

SHA1
acdf1a035a697b89e6da153ce47a5e1a520b76ca

SHA256
620873f52a01dc157f7106ace422ac106ed5b7da96973a21c2fc4fcc816c67b2

SHA512
f94bd96b28d4d7534e1c9a3c0be9b12d37565eca810bf0b1e2556d7e4572af66311d21b3615a97d95a2a1e325d69daa214255d6c955ca1b2e59317be9f83ef5d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_31F2E951E09074A64485149D209EED39

Filesize
471B

MD5
91a02e9fbcf8e978808806db6f77265a

SHA1
987c2ed10d99164dc4da0861e59b323728ce6fbe

SHA256
34ebb163b209bdc2b9689495ff2c98a84bacb0c7918d3780cb02c26dcf98527d

SHA512
e162558c2728759a2547f1828c58a78788a366267096c78c8aa08cb52b0e8538859d8a55502b8f3ec1beada046853ddd82aa635a5bb47c2eac898edf786cf3f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
3fba9cd71f36027131db26be46b4878e

SHA1
c839565e9363293ea446bf258c42ced6106b5a59

SHA256
18079d501c1034d39a679e1d0ba65b409c3bf5b41e3a740c19e3831335212992

SHA512
738be30e81b2b4067abd4a298aeb871fccdfa0a785c1f6d268a39e4062ce34b77b3ebec725f41d10495af41e83eddfdbcd98a4a4dc1a5846506950442c685ebb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220

Filesize
2KB

MD5
084c29a4401fb1b5cae3c849be759c5a

SHA1
6c3bc2873ababbae73810426753ee577e9434802

SHA256
6d8bda4d7725c65f3f9c5a4c8228c42e00fc484227acfe21c04463f88e62f34f

SHA512
cd7b502e0897ebf0f4c81d5ad15940d646046b7e5e2f1b82bbecda43610210f583a81bf1dd2607d7f11abee468b7e43cce71fbfc835e5187e048f98dbc8dc1f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691

Filesize
1KB

MD5
acf7ad98834cb23f0e34e6310e5534da

SHA1
082287ae7a5556b816579186ab4d6af6f9fabfae

SHA256
1cf8a626888835f052e341753ca93ff284df608360616d2532022887c8e563c1

SHA512
67d52a8e229dac3dc65336ee098b2b7c7f7065b8204fa2bfc64b383765bf1666f443941db08e440dfbdb5218f4253a808c86017d556beb8df286b6bacd601a56

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552

Filesize
471B

MD5
8ef285159a6a207caf0eae0081213562

SHA1
48905f4d469167408298263ac14e86a44408c048

SHA256
c68101de8ebea7aaf219175e7c25c192c70dfa9d1c8ba4551e7d8a0e84cb3195

SHA512
4bf107a3729b6ff65621237c6d9821bf22745ee4a7487eebba4d533440a248b93a698f38c962a027b038b0ce458d6bd2a132bd6d561026cb088e98560ec18c93

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_BD094DBD6C208A0E1DA0426D465799ED

Filesize
471B

MD5
fbca6685e03a3d4e7b28346365b150f9

SHA1
1928b3bda611f61fdba97f2f9cb9dae294df5485

SHA256
fe6a900004f781766c3625483dd95fd7270346bf33c021409649a056bd549bf0

SHA512
0d06e72d8a617f1c95576ee35e5441f423438253c582e0d865c51eb66cfaf832ad98701f90f0e623bfd8393af69d1a07c2e3423bb0c79ed33b8976a3c37fa0b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
9b2ab34648e3f7c3f8947ac281e1a455

SHA1
831bcb16ff845ae115002ef729d163d0370a352b

SHA256
64bbaa0152075d4eea62b443cf4c00fe866adf83026742b804a1f130aac5c378

SHA512
ac867270ce7c153627c67f9b27c861ad96b0f752ef6c7e6a630140f474af2ecc8e02bbe3bfb06d907ae965f76798849bc69065d0830ddd1b55a914b288bb3600

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
e72c6cedf2bfbdcc41b918d71e166af1

SHA1
3690267e1aa09f50b3c664bc19a9dcff3f996b65

SHA256
66ddf63266501d80f4642ed07c99f199cf3abe6942a043a8984c5016e447fd0c

SHA512
4c87ade9248c01178bf9b0cc6209eda5b3238de355eac297fe6d3df3544142db00748ba1a432b029d21ae4b74e29f3670549603a505e5aa343be7514f9b6c9bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_31F2E951E09074A64485149D209EED39

Filesize
486B

MD5
4929faf1c827931133f8431bef730e7c

SHA1
dc129a0b09b52b0db90a2b2edadbac3c7268ca0b

SHA256
1642e1b34dee6362c7e8381f3ea5a0cf12c41c9b183269fb6eee33f59b2b36dc

SHA512
54a384e7f98c326ed99244d930b9da362863ed7146d84851a1f914dd97b0f081e46b37b72e0d34f7408aa243e151861c03dc5756932f8ade66b848b2c3907489

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
682146327648b7805d671296c9363eb2

SHA1
db541bf4f30059a188c1c114c908e99f1c50a3a5

SHA256
e2eac004eb2f3915a6d98c992af47e2d83d55f03a43ded7c5838d92e8a5cafe6

SHA512
b562deec3591d0d8c9bf6b68ce8a7088af9062b3f47bbdaa1130a30a44586736f7164578020ab1ade2783ee01fa26c09ec01bea8913b99d6cd16a965f11d2f2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220

Filesize
486B

MD5
d2fd84006d3f767205fc88134fa4c672

SHA1
010591f05cfaccc02d6b523dd3eaccb4ef142e5d

SHA256
89faa7ae5365a5f136408cb510e5d44569395b2377c96700ba83daba57239d75

SHA512
92d62223e33907d4da203a6a91a43e989c7ab2df4b071381fe0d3060b2fa145f50b709635526f8900c049307bb9200a2f769aea0d53ed982092baed8230c91af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
bf01799c1a625a6992fe0f7cbfae3de5

SHA1
3f0921435e6f0159868c8603b75d6a70cefce8d0

SHA256
13394776afa5dae9c707813e1221f1cc127729beeb432bf169505fae4a67df18

SHA512
eb107892819be333bd08d0e5c8e3b3489fa4e676187e26d07206a94dfb9aeba436998dce21d49c18caf96b6cc57bd9d54cc197f63eaeed5eef05fee0ce0988f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691

Filesize
486B

MD5
ba78f555a2fc37daf04d02355beccd23

SHA1
dbeb2ef8a43108cbdbd600ba8c58070481fd6805

SHA256
422c49fa8e9333f4a83f32d5cdd708a346d0bfcafbdee2c48d594ad2a6bd88fc

SHA512
1e52995dabb80e4e99afa89dbc198d1b40f4d8e2276b41f3b7c7aa06f4b1e829e3f7a6aefcffdfef1d7365960554ba6a11924c30037275680d1d60f43400a5bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
4a5d98e965ccb65ab4cec002eafff26f

SHA1
935a6f6e0a8bce064a481fc90a1f18c13bd097f7

SHA256
c42c22e8ca6cfc2e5d7bb7ab77b815f12653b9ee389601333de9e132b5e104e4

SHA512
d9610b66cc1f5b11809be674afdb6b164890254c404a1de7bcc949a34d373b1b70c66ea84cb0503461c9ef17dacf64d761509e34cb66d21d435e2b4e7df535c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552

Filesize
406B

MD5
130c71b7237ef3590c705222b1683c9a

SHA1
e124052eb20a222ae1b39e16b867ade4431f0aee

SHA256
f42acd446a7d72f18f40d3cef82b3953f21f3304bae4f2640dbb9ab09af3e221

SHA512
7cdc2ab31fcde10735fce6874413bd894cf1dd29ad879e8bc84056f198ec8f49e5b2e4322bdb1610c8f4c726695490bb0fd17e473d5f6cd2aa5d5584a5018aab

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_BD094DBD6C208A0E1DA0426D465799ED

Filesize
406B

MD5
ceba9e0cdbc84708cece7a701998e17f

SHA1
8a7288cd94abb4f6b21805f624266cddcf726cec

SHA256
382d190f83408a6c57870be88b82ba49b880ec38adcda3ef48e2325bb1e9388a

SHA512
bc8c9e246fc160a40b2341b5e4b4d60e15c229928a3402d04e774fcf4e2b48982c824bba7b2c6e6e9a81d07a261f52f227708829909dca98af1782c330b4983d

Download Submit
memory/1532-0-0x00000237A3920000-0x00000237A3930000-memory.dmp

Filesize
64KB

Download
memory/1532-35-0x00000237A0EF0000-0x00000237A0EF2000-memory.dmp

Filesize
8KB

Download
memory/1532-315-0x00000237AA5C0000-0x00000237AA5C1000-memory.dmp

Filesize
4KB

Download
memory/1532-316-0x00000237AA5D0000-0x00000237AA5D1000-memory.dmp

Filesize
4KB

Download
memory/1532-16-0x00000237A3A20000-0x00000237A3A30000-memory.dmp

Filesize
64KB

Download
memory/3220-240-0x0000013A99BB0000-0x0000013A99CB0000-memory.dmp

Filesize
1024KB

Download
memory/3220-232-0x0000013A976D0000-0x0000013A976D2000-memory.dmp

Filesize
8KB

Download
memory/3220-227-0x0000013A97690000-0x0000013A97692000-memory.dmp

Filesize
8KB

Download
memory/3220-372-0x0000013A83BE0000-0x0000013A83BF0000-memory.dmp

Filesize
64KB

Download
memory/3220-373-0x0000013A83BE0000-0x0000013A83BF0000-memory.dmp

Filesize
64KB

Download
memory/3220-371-0x0000013A83BE0000-0x0000013A83BF0000-memory.dmp

Filesize
64KB

Download
memory/3220-370-0x0000013A83BE0000-0x0000013A83BF0000-memory.dmp

Filesize
64KB

Download
memory/3220-369-0x0000013A83BE0000-0x0000013A83BF0000-memory.dmp

Filesize
64KB

Download
memory/3220-234-0x0000013A976F0000-0x0000013A976F2000-memory.dmp

Filesize
8KB

Download
memory/3220-376-0x0000013A83BE0000-0x0000013A83BF0000-memory.dmp

Filesize
64KB

Download
memory/3220-189-0x0000013A96E50000-0x0000013A96F50000-memory.dmp

Filesize
1024KB

Download
memory/3220-217-0x0000013A96CC0000-0x0000013A96CC2000-memory.dmp

Filesize
8KB

Download
memory/3220-224-0x0000013A96CF0000-0x0000013A96CF2000-memory.dmp

Filesize
8KB

Download
memory/3220-260-0x0000013A99D10000-0x0000013A99E10000-memory.dmp

Filesize
1024KB

Download
memory/3220-250-0x0000013A99BB0000-0x0000013A99CB0000-memory.dmp

Filesize
1024KB

Download
memory/3220-375-0x0000013A83BE0000-0x0000013A83BF0000-memory.dmp

Filesize
64KB

Download
memory/3220-238-0x0000013A996A0000-0x0000013A996A2000-memory.dmp

Filesize
8KB

Download
memory/3220-236-0x0000013A99BB0000-0x0000013A99CB0000-memory.dmp

Filesize
1024KB

Download
memory/3220-241-0x0000013A996D0000-0x0000013A996D2000-memory.dmp

Filesize
8KB

Download
memory/3220-187-0x0000013A96E50000-0x0000013A96F50000-memory.dmp

Filesize
1024KB

Download
memory/3220-155-0x0000013A95CA0000-0x0000013A95CC0000-memory.dmp

Filesize
128KB

Download
memory/3220-128-0x0000013A96260000-0x0000013A96360000-memory.dmp

Filesize
1024KB

Download
memory/3220-69-0x0000013A83C40000-0x0000013A83C42000-memory.dmp

Filesize
8KB

Download
memory/3220-67-0x0000013A83C00000-0x0000013A83C02000-memory.dmp

Filesize
8KB

Download
memory/3220-244-0x0000013A996F0000-0x0000013A996F2000-memory.dmp

Filesize
8KB

Download
memory/3220-374-0x0000013A83BE0000-0x0000013A83BF0000-memory.dmp

Filesize
64KB

Download
memory/3220-64-0x0000013A83BD0000-0x0000013A83BD2000-memory.dmp

Filesize
8KB

Download
memory/3220-230-0x0000013A976B0000-0x0000013A976B2000-memory.dmp

Filesize
8KB

Download
memory/3220-219-0x0000013A96CE0000-0x0000013A96CE2000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis