ce34f7a51287c0c4e46ea3efc9093d73321d369494e5e9937d5a9c8db95935d0

Analysis

max time kernel
119s
max time network
124s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
07/08/2024, 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4HfaRG.html
Size

510B
MD5

d1b40cc02ffa626173db782bfcbd7f8f
SHA1

a14f12033ab23040bb87e147951e6b89ba62732b
SHA256

ce34f7a51287c0c4e46ea3efc9093d73321d369494e5e9937d5a9c8db95935d0
SHA512

39e8bcf7c19a6699c51a32f24c1bd06208f409437d8f5637685103cb8421efe1dbece138c5228409def4aa4c5a598a5a3092e9c181079810c262c7a4f4f72e3e

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4762efc008e9da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "132"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "4560"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url1 = 2f40c6d408e9da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "http://gofile.io/d/4HfaRG"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = d07f38c6290adb01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "233"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url6 = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4b6295d808e9da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "429224780"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 60b19ad008e9da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "23"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "3596"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = c2c83ac208e9da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3536	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 7 IoCs

pid	Process
1360	MicrosoftEdgeCP.exe
1360	MicrosoftEdgeCP.exe
1360	MicrosoftEdgeCP.exe
1360	MicrosoftEdgeCP.exe
1360	MicrosoftEdgeCP.exe
1360	MicrosoftEdgeCP.exe
1360	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	3792	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3792	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3792	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3792	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2564	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
352	MicrosoftEdge.exe
1360	MicrosoftEdgeCP.exe
3792	MicrosoftEdgeCP.exe
1360	MicrosoftEdgeCP.exe
3536	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 2564	1360	MicrosoftEdgeCP.exe	75
PID 1360 wrote to memory of 2564	1360	MicrosoftEdgeCP.exe	75
PID 1360 wrote to memory of 2564	1360	MicrosoftEdgeCP.exe	75
PID 1360 wrote to memory of 2148	1360	MicrosoftEdgeCP.exe	81
PID 1360 wrote to memory of 2148	1360	MicrosoftEdgeCP.exe	81
PID 1360 wrote to memory of 2148	1360	MicrosoftEdgeCP.exe	81
PID 1360 wrote to memory of 2148	1360	MicrosoftEdgeCP.exe	81
PID 1360 wrote to memory of 2148	1360	MicrosoftEdgeCP.exe	81
PID 1360 wrote to memory of 2148	1360	MicrosoftEdgeCP.exe	81

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\4HfaRG.html"
1⤵
PID:1856

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:352

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2908

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3792

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2564

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3536

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5016

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2148

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NKF9WKUD\customParseFormat[1].js

Filesize
3KB

MD5
17f04d7e2386c3ceeca2758bd27321fe

SHA1
8ecc81c22b1fb7af251ae237f84b76ce5892662a

SHA256
cb72289f70690b272267a0741402cdc3f4099ae40c834a13cb60a59f99fdc091

SHA512
9e4a524f47fafe0bc4a5e61e96dcbdaae13deef24dbbe96dbe04ad714b13fcaced790ae6f6b5e6c5033ccece4042f712be153143be5d333d780cb765eee633f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\bootstrap-icons[1].woff2

Filesize
118KB

MD5
7f477633ddd12f84284654f2a2e89b8a

SHA1
17dad0776899ad1beadabd061c34e2a22b2cde74

SHA256
966620f9e3bec428663687f9e8d67a6b8e35d79adebf6fb204e9b139eada7599

SHA512
b46baa2a3ea38512f8b539774c751004cc866d085a9739f4c25f2ade9d97c10d6f4b20cf87dcbb6a003e0df0ca2df200f9036a4c76a013f24c57d365981f6e00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\bootstrap.min[1].css

Filesize
190KB

MD5
16b20908101acc6624cb9446fcac64a1

SHA1
b7cd57a4fd6a1fae6126150f427ef217397293e4

SHA256
2933c96348a4eae7cbbf8f280ca0981586a9b5c097ef952b996cad7d28f2fad0

SHA512
b22c1efe85cc8528c60b02e7fac72b68f396ac9c4795480c04c65774f7b64e7937234c771120a82f3ed66793531fa499af2c0c63e3c1d5c8f2a89e63025b823a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\qrcode.min[1].js

Filesize
19KB

MD5
b33682b5a531b8617d4ee248926fba84

SHA1
be527be38f28d55217b02f818ca67987f433cada

SHA256
85bd0e28180f06b7f944d35dd07ef1ce75d6d9b63c2d70cb8e65f8b566c43db4

SHA512
5eda51cdcceea9ec42c8f3a6e462decc5847e74aac8dce4c0c190c0434c2abead936b7c836c5f1c8c76aaa25050169381a01effba7cf7d7f8f8be304b439adc8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\allcss[1].css

Filesize
1KB

MD5
3a6bf9ca7770a5ad5d8f3e95617fd15a

SHA1
dbe7076f2bf5f2baf9926d38a7f68c34d32959e2

SHA256
6cdae1b50efe90bd846a6f76213cfbe0f0e212a95dd60c31612b8baa2dbac931

SHA512
633c5eceaa2777cc414be3826eec3f67dfe8a1e2c0b11190d0166d111d3be9424e265216c59dfb6b7d334fa56e40cf2e9cfb5e4b089fc797901f20b04b797308

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\bootstrap-icons[1].css

Filesize
93KB

MD5
06cb502613f99040e534fec65fa725c7

SHA1
03006f32792e033497e9ca68373b6c3386305933

SHA256
e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f

SHA512
734faf4aff6d9c64b87f3c1320114f71d099d10c0ff9a4de3ef65e009918a5b8faecabd0e7e56b2630e1de58a5e3c2c82c9c6120241feba750f2dfc12723a8fe

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\bootstrap-nightfall[1].css

Filesize
50KB

MD5
84952f98cccb079b3f36f29c0f2f7d8d

SHA1
92a207064b6cb9cb6104bd8b3dd1e1e3e789b26c

SHA256
d9a98b67c7edffef7138d578788a1c25310cd3561b94d8bce6999f40b0073186

SHA512
a052abb5bfeb8ece88ce62b46ecc920db7db71467f1433d96fdc13072ec4dc4a67f13853f4d14e8f5794d9fbc58cbe1bf94e9f3a2afb7dfbdcecc2af2046bc37

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\dayjs.min[1].js

Filesize
6KB

MD5
fc50c4b32f73acd0ca4a31e0b94418b6

SHA1
4cd4b7159ca9e1de084a7d1ede12ad51a5d4651f

SHA256
11f24ea8272c8454bfd93c6102b511bb75a7f1bfd70c0e1f6cf58a4b067ed41f

SHA512
85c57a0d7df904a8224e2598ac980f6eedc5c52e82b028ca826aec3d1a543e45d66ef3e22b1bd2552761597d325dc3dcb4e236149e163fa375cc7fb5ec1fec00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\plyr[1].css

Filesize
33KB

MD5
e039a23ea465d2de0388937695a7e724

SHA1
68e95d5b4060761fc2b0b58a593ebe7d661c52f9

SHA256
bc3b9c09bf69ce51b930e86a23c6f249f9cc6dc98a84fd278d4131c9ddd78f43

SHA512
5fedf2fbff555599108ae7bdaa86cb9d22537e46ecda50cbd7a25199338fba4bef35bfa813eba76b1b367fb8b93e2c1ee9952a55deff9f49daa189f22b5e0336

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\4HfaRG[1].htm

Filesize
9KB

MD5
ffb61b4ca45ab3d92871c042cdddff35

SHA1
1af12b370063bcb21f01aed46d4868fbcdc8acbf

SHA256
1fb3591a803c615833528204afae0024ab6446adb6b661c395a60289eff524f7

SHA512
85731e41e94dbe5e8ba71d124f6320ad6ed7930b4b2552669ccec971f1ee8da65b07d3036a8aef6efa3cf857517fe591d8acc051e52d0589dd90a02baf82d462

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\alljs[1].js

Filesize
227KB

MD5
2db2aa63f3d62a22c600f1a84aa6253c

SHA1
6fccf8e99ad5c599d440cfb1f2e9c0b91d394740

SHA256
66e49aae5eef53636471b80835fa8bfc17a59f3e5763d909f1732b89351c4e82

SHA512
bb348900f1192e8b359bc3ab26995cd00b62dc4dbffd78c21bd354f75e295d285a1adb43d7033001217fbad9486d989a1185063ad5a276d058816321f0274ce3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\bootstrap.bundle.min[1].js

Filesize
78KB

MD5
9afc1e0eba9521f29775ad2f6ace3f1f

SHA1
77bcf0c882fa4be8fbead35052c39a944f9035e3

SHA256
a85b2fe307777c8eb47f06a1eec399fcbddfe83d252fd202d3e1358051fcf27d

SHA512
d532b8863098e7e13d1f7af9fb4e5b1066ca1b22b9d3a59a0cf7cf7b5b3f8a1c118ebe8eb4be37cc92f338543eff372238d11dfaca7b2f0adf3829f2ba43d2b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\chart.umd.min[1].js

Filesize
194KB

MD5
0956511163142649b6cf52a819ca8641

SHA1
177174c1e7b5650cf3cf0c184077420f6b67abc7

SHA256
8706c07750059d4f474353cc469150fd09a539df6f8830ccf418c47709f25b36

SHA512
1828b09b30346cd195b29d68b734c9e0b5904f68e318910d2c6c8b95eae5cdc90d237d26a22d84413d007d123b7cb618603291fbb867ba1df9af7cb5b89cee83

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\marked.min[1].js

Filesize
43KB

MD5
a50d303b83ec6ced6c105da710623629

SHA1
04f3659d853b57d6e608909960d4f1f4c0f01c04

SHA256
d10fcd57fbc3eb87320fe1469bcb522ded6c480f48ed51c511ef6da20f165760

SHA512
84f825fdf56aa5b9b3dbd5af65d74609c3c34bcad4778193d837d1188437fbbac660540df01629dc1977f4e831f7731160854dfae617e088310cfe39a3d79c4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\plyr[1].js

Filesize
108KB

MD5
49ae56a37a5b8dca563256fb605f6260

SHA1
24a8c5bf85c8d1bc7a9586d998308c462e28cb71

SHA256
6729042fecd6e011c0ba45f807dc93fa750169d7ac57c14daa01069f14430f73

SHA512
508eaa76781046d439eb85c706c9c7307827efc23a5b7ebe085c173b9a38a32ed343d8916d14df105203922dee0fbe123d74ec185e4ca12fe7cec6d679a2a9b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\sha256.min[1].js

Filesize
8KB

MD5
e5a5b331cf54c474203628eb9398470e

SHA1
6d2e5b6a22edb7d95e0ac7523d74f5f7013cb344

SHA256
7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a

SHA512
b33279152a3d8449975deedbe40515b67fd69cbf1ae55a1f9c57980b68b6cf4dee4b62e101c87b7b034b6e5e5f96c1264d38a630dd1e9c1660ff7b10f98392cd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\VXVL5QP0\www.bing[1].xml

Filesize
7KB

MD5
71cea73d69bd2d5234d2db02d29c1603

SHA1
f5952e781ab44a7067a6d11559691b88a9261f74

SHA256
0141822da81c65839d81968b7bd8a4be907b2902cdd459f640da1b2808ac8cbc

SHA512
2157bb15d1e380b421d29f0f8e8fc409a069cad2ac502119649e3c6c7f84098eef01bbf2c823d46086129aa13cb42da21171efdb1f9f6408232917dac4a42836

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GAI0CRMO\favicon16[1].png

Filesize
503B

MD5
ad98355e85075a8ebc15a01f875e1aab

SHA1
de8398fdfeb3bbd48a58a8b12453e1fee61e5f2d

SHA256
6a437098dcbb8a0354ae28a5f7825685f471c13cecb83186cc950844df7c76c4

SHA512
1b5d5402256ec3ccc20f1b1b635a9ea16131c2aec49c94105c8b7d3e32c9bfd45e937bde8af35ced6b22f39526de2672ba145ec43f49aba4d7a66da79e13819a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZVHS07AD\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HHTYW25Y.cookie

Filesize
102B

MD5
62afc3473a6b3dd4383efa5d3ade4afa

SHA1
f37c79c8114c2ce9359ee9519199c108be9ba586

SHA256
f471fde2c0360029198ebbe206cb65bd0f751ff4110a17fabffc017fe93012e7

SHA512
ad64a317221fb0f0f977b03dc13df0ff934b634f6ba30e6cb9c783890931dcf25f4b43bc781d18c75efc982b42381e9092d708b8274dd50a5acb3109fee8d5c2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JOM7AJAS.cookie

Filesize
282B

MD5
2e81d9b4afb2a82f6e2e0ba5c43502a6

SHA1
9887230f9ddecbc89125217135e154fc88464077

SHA256
0a13961c0201560618866d46edab8411a668ed8408cc6148b8df3570c3307cb8

SHA512
4a188cfc6c8f3ec970d839024fd3169e84c0d71a43970fcdedfeb3fc17f8fa34d978cf8776f8514dc8fdf5ff1b9cd7ea1150d8fc0a22c16873efc919239731c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
312B

MD5
16cc0a4cb7e7fda08c81f9fb84e14c01

SHA1
89d1094e8cd77c1a86dd49ca76f47d21373e8b73

SHA256
960033fe5c19d152db24016aef617f9cc38a2b1c2af1e878b5ab52ccd08dcff4

SHA512
f3b0720104765a933571d71c9efaec8e4260c50abd174d1115f1ead92b2992627c77325a2eb461781c21ad0528ecf7a9f891514fc4f856500511ea6ca6df491d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
c87defdb091dfc58ce5e98263326c2fa

SHA1
f7f8e63c0aa45525ce930f8f1b3537de2109d507

SHA256
f3b8a1ffe56a613101d9f16e6720177f402cbcd92fec9f1119f59e47309061c7

SHA512
e1f18e3a7997ccf5e458afe2a14d71d3072af2be903b5b3349ff1feb92ebd467e80fcc1eadf04dbf4ae456ee211030d8db0958b45f6c4bb5bf687acff0cf0eda

Download Submit
memory/352-35-0x000001C0ABCC0000-0x000001C0ABCC2000-memory.dmp

Filesize
8KB

Download
memory/352-0-0x000001C0ACB20000-0x000001C0ACB30000-memory.dmp

Filesize
64KB

Download
memory/352-16-0x000001C0ACC20000-0x000001C0ACC30000-memory.dmp

Filesize
64KB

Download
memory/2564-53-0x0000024672EA0000-0x0000024672EA2000-memory.dmp

Filesize
8KB

Download
memory/2564-58-0x0000024672EF0000-0x0000024672EF2000-memory.dmp

Filesize
8KB

Download
memory/2564-56-0x0000024672ED0000-0x0000024672ED2000-memory.dmp

Filesize
8KB

Download
memory/3536-382-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-389-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-394-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-395-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-396-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-398-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-397-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-399-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-400-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-401-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-392-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-391-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-390-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-393-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-388-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-386-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-385-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-384-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-383-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-380-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-381-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-379-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-377-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-378-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-375-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-376-0x00000257DD8F0000-0x00000257DD900000-memory.dmp

Filesize
64KB

Download
memory/3536-137-0x00000257EE620000-0x00000257EE640000-memory.dmp

Filesize
128KB

Download
memory/3536-142-0x00000257EE8B0000-0x00000257EE8D0000-memory.dmp

Filesize
128KB

Download