5381cf1c07d26fd6eaebf43c14e27edc787e03e2e2959d7fcc106196fce9516f

Analysis

max time kernel
132s
max time network
131s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09/08/2024, 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BandagedBD_Windows.exe
Size

112KB
MD5

5771dc777121b6db68b13177c6d2f479
SHA1

5da5787b7fc16b23a580ca2fb59e596d7ca35a98
SHA256

5381cf1c07d26fd6eaebf43c14e27edc787e03e2e2959d7fcc106196fce9516f
SHA512

fcdcfc0631295d3317063fc2b4e2054cff87f8bc597e0c4481c023d2afabbdd97180d15420b94882d2b85d7dd4d147975312bab6d22b9393f1e9009f03753d72
SSDEEP

1536:uqv7jfumxFM6EajCJyPOcF0bAtYFpFWtFn3VR6Bl:u6/mSOC09/WLn3Or

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	BandagedBD_Windows.exe

Executes dropped EXE 1 IoCs

pid	Process
3676	BandagedBD.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
147	discord.com
148	discord.com
61	discord.com
62	discord.com
63	discord.com

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BandagedBD_Windows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BandagedBD.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = b0f2fe3d2ceada01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomai = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\discord.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "429952743"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "17242"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6b6d013e2ceada01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "233"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 6b9df1072ceada01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\BandagedBD.exe.rtabyhc.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4192	BandagedBD_Windows.exe
4192	BandagedBD_Windows.exe
4192	BandagedBD_Windows.exe
3676	BandagedBD.exe
3676	BandagedBD.exe
3676	BandagedBD.exe
3676	BandagedBD.exe

Suspicious behavior: MapViewOfSection 11 IoCs

pid	Process
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4192	BandagedBD_Windows.exe
Token: SeDebugPrivilege	3016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	560	MicrosoftEdge.exe
Token: SeDebugPrivilege	560	MicrosoftEdge.exe
Token: SeDebugPrivilege	3676	BandagedBD.exe
Token: SeDebugPrivilege	868	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	868	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: 33	6088	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6088	AUDIODG.EXE
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: 33	5296	MicrosoftEdgeCP.exe
Token: SeIncBasePriorityPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5296	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	5296	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
560	MicrosoftEdge.exe
4120	MicrosoftEdgeCP.exe
3016	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
4716	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 4576	4120	MicrosoftEdgeCP.exe	76
PID 4120 wrote to memory of 4576	4120	MicrosoftEdgeCP.exe	76
PID 4120 wrote to memory of 4576	4120	MicrosoftEdgeCP.exe	76
PID 4120 wrote to memory of 4412	4120	MicrosoftEdgeCP.exe	77
PID 4120 wrote to memory of 4412	4120	MicrosoftEdgeCP.exe	77
PID 4120 wrote to memory of 4412	4120	MicrosoftEdgeCP.exe	77
PID 3020 wrote to memory of 3676	3020	browser_broker.exe	78
PID 3020 wrote to memory of 3676	3020	browser_broker.exe	78
PID 3020 wrote to memory of 3676	3020	browser_broker.exe	78
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 4636	4120	MicrosoftEdgeCP.exe	83
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86
PID 4120 wrote to memory of 5296	4120	MicrosoftEdgeCP.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\BandagedBD_Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BandagedBD_Windows.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4192

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:560

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- NTFS ADS
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\BandagedBD.exe
  "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\BandagedBD.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3676

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4576

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4716

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4636

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4068

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5296

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x32c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\652737c319ba7da75394c4dc_ggsans-Semibold[1].woff2

Filesize
32KB

MD5
890a9ab504c3657183ff118b1aff212b

SHA1
127609df5d04fc779da4a9e90d8d09bdbb390149

SHA256
d472a71a0f92855881ce2c2334df77a333461f6936f1f0388f952fedb056fb3e

SHA512
a662c708882ac3d5a7bfa64f16becf750ffadc333784a72350c71513cf2261a8cf63b67da989bb5c1fa78589d570eadf45a9d9590286e764520fdc3144e6349e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\652737c341a1afd425063916_ggsans-ExtraBoldItalic[1].woff2

Filesize
33KB

MD5
7081fbe9934d1b8f6aa233f9761d5c74

SHA1
885355acaed985d19e17204a19c5644a5ae84e3f

SHA256
dbe667dc7cb57a407c4d0a82406dd992dcced6bdabfeb32355dffef4f82f0f77

SHA512
f5f8ddb20f3a43762f2ae2f1236fb0f6fd7cb2abc23ae930cd72190280a777abe9eb3d3e1a220d86d8993b0db3f645a66e466c382b5d167a80222b89cd821bb0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\652737c387dadfeed3df77dd_ggsans-MediumItalic[1].woff2

Filesize
33KB

MD5
bd48d41d907530c8bf2851000a130122

SHA1
8a6428a18b202f9278cf9bcdbf12f862c9897f52

SHA256
6c506c2b1464c4aa5f92ff621786a57fcc1b093d21c36b9e0c3a39ec9391aec3

SHA512
a614dadf69d1215354193373f8006492cae9de3207a79df6383077016ff0f402f1e9d2f46f54af5f08b44968eb64d02d9d629487293724af86d573975857239f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\652737c387dadfeed3df77e1_ggsans-NormalItalic[1].woff2

Filesize
30KB

MD5
d7613267130135c7d2174c87978f95a6

SHA1
ce81c6149520cf273da8e5bff7fecfc200638ce0

SHA256
5988e0c6f27106e580b62b5bf72478524c5d498f99e9cc5eb775e90921d3ee91

SHA512
8ccf1b9d64f4b7bae60eda7f20451f7b262eaa9bdbeb54e172a1009e9f064923b1166fb4b82b41ee265f5007d7dee3151db2dad90a83333dc59ee1071661d333

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\652737c3ca731b7fff229a99_ggsans-SemiboldItalic[1].woff2

Filesize
33KB

MD5
932b058960ed3cdc9977cc161a52f5dc

SHA1
dcfbcde1c572eb7522c4ce7cce226e4c4bd99110

SHA256
5f6ad9a38b33eafb2cbeeb9c779a4a4108b3e9e9ad7793d7a47051ac7354deb0

SHA512
3e40ce3ed8e8b884ccb1e17bb8b303f8ad5e3bff13306ff8e2523c2c510f5942953f6b289b92d9a6729e7ce519c838c855ef39474d3ffae3df8e1de79667905e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\65273da62cbf8363b445b021_abcgintonord-800-extrabold[1].woff2

Filesize
40KB

MD5
3d07f5abf272fbb5670d02ed687453d0

SHA1
5ba49c861917331a4d29d2a81ed4f93e94f62212

SHA256
3afc8b61c01534f04c628962b34e53104e0487b010f197a54d2e9ce357bf9733

SHA512
b60507b188022163686e29e2a670d51d62deac4a2450c71de5ef943a784b680ed1626f87d5803a7d1175d55aee3122c6c9060113bbd9bb41a95c91196cd1fced

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\65273da649497845182f7341_abcgintonord-800-extrabolditalic[1].woff2

Filesize
43KB

MD5
3c0aa7f9d47d6a96b14ecada461ccf0e

SHA1
971fc55ebd7051891596dcfed0600b0231503f2a

SHA256
e49327d4031ae5a64fc4b042b110ed57407b256aabf78b1a4b06639789a88dc8

SHA512
13bc9687cb1da9c2ad4804922f7abed918b2e3e75df1a267a078a011d6f35e98ab159d9a061778243d23090812858dd8b24d8989fb09a0dbf1733f351193c4db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\head[1].js

Filesize
8KB

MD5
aa6a56d2e4bf32ae117e4896cd4bdc71

SHA1
9349133e6e3777875e4acf43fc7d6d72daea6545

SHA256
d0f3d41c97ac317ef29e187d8281a4a577b505bc79ee83d11e807de89d5b29a7

SHA512
0e344431c4146c3af7c1daac5b87a50564ae62c5819a30a77c13e2fbac1fe47a02798498b6d7d68dab90d631e821c69975e7090b51d08e767f9235ba8ad041a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\index-react[1].js

Filesize
6.3MB

MD5
10c8abad5563ed5bd66d8df4b2936164

SHA1
8940616fe3a7d74a5b0de9f0bd480cf3c688f257

SHA256
9b55ceed1e817392aa8bcfb2115067b1bf255226393a1cd727e62a80e5b73ec4

SHA512
b83f1a7bd938347997d80158fdbd2e4ad6c227b357abbaa98527dc3097ac0c3950dcecfbd5d8f2066bfa9e1ef7ecad0399bd6881f1845006ce6a02fbde3171a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\jquery.min[1].js

Filesize
87KB

MD5
8fb8fee4fcc3cc86ff6c724154c49c42

SHA1
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

SHA512
f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\landing[1].js

Filesize
1KB

MD5
1b84a22db62286719ab3288c981953b9

SHA1
21294c013d666a7706555ddc15f96a4685f74ff5

SHA256
fbaf8a2324eb903d6ea5f9f3bc1a31727c28e793c40959b8bf6e172094247bb0

SHA512
e3de84cf603f5ddb748f67ca58b4388efd55579091afe846daeca647d4072a6228b6c40ac0cacc9d08fb7e01b6a799421e82c0736286b8a3bffab15b0c63e521

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\localize[1].js

Filesize
63KB

MD5
b54910bcb1c43ac5433839946d6a1bb3

SHA1
733946eaf966d8fa616f50837622a4bc0eceef6e

SHA256
52ac47838a9f97487b3109ac52d6c0f00480d5a2df47ad46bb84c474dd7c3242

SHA512
d104cbd8c1453c2994f21a795d5c9fbfd54e2fe7363dabd9aff2e31f547f61876fef805eb22e48620514e97b28b17b4949df9db012f31434912c094b0d077bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\styles[1].css

Filesize
282KB

MD5
865dd8447bf15ef0c631d3e2cf30aabc

SHA1
b7441a672ee473b26649c25487b97ad6581c2893

SHA256
11afbb54d60b0824fa3c26756b6f065bd7410d0354607ad1811e1cc2737b3d95

SHA512
92967cfc02077f3f3d2dbb30b3695f92d861d311e15f5993346a91fe42277f29a7f2c64260ae552536cbcf51d51e68c8526d9e63202c838545a697130d0484ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\styles[1].js

Filesize
2KB

MD5
268eda5da2c6ebfb05fe7abb45f569a0

SHA1
88f77e81e9d2149c11c8503e6dd49bf540106e44

SHA256
485a39c8037f171e757a53562b4b7de35384f316e26b4ce6ebf925e4f235c271

SHA512
0bbb005fe1395e4eec86fd5dadeb855fce96a4352b29af7705819cee5ce1ede777756c1b1cd3625210c9af12d15f2b949d743d7db789ff0c5874eed5bed5b87c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2T053X7Q\webfont[1].js

Filesize
12KB

MD5
7c96a5f11d9741541d5e3c42ff6380d7

SHA1
d3fa2564c021cf730e58ffddb138cf6b57ed126e

SHA256
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

SHA512
23c162a2e268951729b580e5035ad6ca9969cfcc5ce58a220817b912e76b38be6c29c3ca7680cb4e8198863d95a72ea65bd06ff7189b5c8475e4c1ce501aeab1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\W4UZ9IQA.htm

Filesize
133KB

MD5
8548ebe80e6d01f6feffd34702d3513a

SHA1
d9c58172f93c4b4ade37fd5e4dda835e35a2244b

SHA256
36b488ecfea8f3f380a4e83a89da85ba89006d3083969ddb04da612ccd413531

SHA512
7b9b5e43844529c7894e6c0e5c1a2d8fe67d5eb9703b3472a6ecedc8e23b4816c7956150ea02ddfa57ca9e58ba3f9a993be2dff967a62c06265e472cf14ee1f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\discord-2022.ac5cf6667.min[1].css

Filesize
1.2MB

MD5
ac5cf6667b5567a35f0f673656be8c28

SHA1
2ff40bb447db031ac918502eea4f6b81624439bf

SHA256
c6b45333930737eb599a7279a1716250c1e9e9352610d93fa727c7a09b4c112f

SHA512
8f32dbe7763769376b36dc6fed81534b1936d9de114229f6f28e6f7cb01c3367bc0b5315538f0c0a9b414ec66f48760240889fc0fdbc2d5d6fd41de3b5b04877

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\gtm[1].js

Filesize
262KB

MD5
e933f094453b20ad18a811770ee49807

SHA1
21e3a9f03cdb4db37a47cd83376e4ed60e945a61

SHA256
0bd817582269a248975f5ba49f4cfa7affda153bfc90077a22479f862c5991f4

SHA512
28d6c10e72c5d617206da979a09e45aee62cc8293c0d5445178485b011c2425f9fd4f729f7e9a684f4af05f1bc919f06ddc4724ca9e3a7a68b9eeac40798664f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\jquery-3.5.1.min.dc5e7f18c8[1].js

Filesize
87KB

MD5
dc5e7f18c8d36ac1d3d4753a87c98d0a

SHA1
c8e1c8b386dc5b7a9184c763c88d19a346eb3342

SHA256
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

SHA512
6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\loader[1].js

Filesize
1KB

MD5
4bfdbf5f6a8f3ca6238e61ac53e9acba

SHA1
0634e0f0539b00e421f3aa076cc9630b12e47747

SHA256
76e16897be6d91bd127b5c6a7e3c60482a5606860cb87e3aeb0b2589265e1752

SHA512
3589e01353b08c31ffb81ed4571e77a0f6d24ac7b8ad51f88f4e7238bd7e15f18d9911eb2b15775671562990a97cac11fa31b2d2784d0b9b5cd447c93bdeebe7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\otSDKStub[1].js

Filesize
20KB

MD5
5b2ab40ec5c55209f5747c46875e2061

SHA1
c86a5fa5cbc45390f38afb67552bde9e167d45e5

SHA256
03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de

SHA512
33ea20a469b0e954e4cb5f565c52c80674248fa52e48cf0a307e81371a99136f94c668ea30ff74faa0c0ef3bdd25e0f74e2586b41ca39717ce137cd2321c1026

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\652736292cbf8363b43d077a_ggsans-Normal[1].woff2

Filesize
30KB

MD5
ef78ef4e179e7e1766882d2f044cb39d

SHA1
ff3734cda8426368beb9deee703344815817e987

SHA256
88fba47546b0201525b02b5f65c8af1b09367d470fff48aca932e7b43e3fd67d

SHA512
0e8f4e5989b731d4623666e164338119bcb0243aeaa8d18297a31274d0bf2c5c6edc7ff1d1482c69fb89976fad03f93a88e9e5f59141846af02169fe8926fcdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\652737c30510e4ad4333a424_ggsans-Bold[1].woff2

Filesize
31KB

MD5
db6b320298071092b190ca887d06e95c

SHA1
8016461ca1131ea676cff368c4405d79f52c7867

SHA256
9f97ff47d66b2f3cdd1aa40988382749ef90ac9051d1a548b12a1260d10c1e6e

SHA512
7cec34499c90daf790d0fd4879f1282d90a1694881a87318ecb418fc65cf084f66bd127dd3c6b99bbed8ff2822ad70b947ed269afd27aa8b60e723c16fdc6a7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\652737c319ba7da75394c4cb_ggsans-Medium[1].woff2

Filesize
31KB

MD5
6db712e9212169e71d90c9999b5d98f6

SHA1
dac145a44f8530b801f8fa525742ebc93efce6ba

SHA256
d68a183592ac8ad34c6a0649690b01946cfd17762dc317e0ca31791e707a2d84

SHA512
3ec5022affc61a10f67e4a7df21be4dd2bcd9798d38d2599aa4270577e1769acd4f7c59430cbb787ad81f23ccfe8309350ae090b860d9acf2f52026a5b9d5579

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\bodyEnd[1].js

Filesize
11KB

MD5
56636ed7a7728d21b7dfc8c4900b1879

SHA1
4313c9e73d41ffdc028106fe6a7c8da3226e94e9

SHA256
f6c3092d9f27fdeb33f97bd2a1570fa41605f7ad30238eeeee9245f2517c2ada

SHA512
e09cbd4aecdd5ad00474c75276c12f915ad5ba849eb635f1f9c28d4f6c7f4af747d107c7dcce398a17a9a0dc56e5cb9347496e968dfd6005548163f65f5d6a10

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\discord-2022.825168995[1].js

Filesize
3.3MB

MD5
825168995def19e93cdbcadf0cd1f4b1

SHA1
a73a5177023121c6bbd924e175f34ab80f2484ee

SHA256
b6c2e10befaed9251c6bcda35f8275b355d072312bc41c8e22b79d116851119e

SHA512
838af224a612f842261d7e32934a8a219dc2c6dc34f283cd1c723f13b9a100f323215fb43bff64b63ba5ef1e4e1e1fe8a046330a9d38ee62ab491222c77b2dac

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84UH4MC0\newHomepage[1].js

Filesize
9KB

MD5
720723bd29e295c344c321fb6fc382cb

SHA1
a0561a1809b23ca9116df937a67ccebeabc99a9f

SHA256
51b1dbf1fb3192afd759b5ffe197dca098bdf1540a54e28035c6cdad5353444c

SHA512
6035c6631eca161fbfaea1d27fb332e4781014cc3e1a9ce8f952ccb00ebf8c621afbd74aadb26dbea484c28e36d8c79a98527feda577d79d310ebe5db6ce0a35

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\otBannerSdk[1].js

Filesize
335KB

MD5
656a4fd9013f905080debdd038f06b94

SHA1
6843484ea4be1a3415ea554bb8b7aaa6e311554a

SHA256
0152531ece5b19aa743208c31fd9f9284282bc97a2ec666de5cf770a9aeee0fa

SHA512
b88fc90663ab1457eccb18717aa6b1a9a4f5fb64c0c58a93d4b3dd62d0ac007176571719db8bd999e679affc8f4105e581f983e0ecdf6a94a48b20d7600218f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XX7AM3Q6\xvEz2IbMlyghPZ3oNAHr9N-xMOA.br[1].js

Filesize
6KB

MD5
dc221228e109f89b8b10c48f2678fb46

SHA1
1bfc85cba5c424136941ac1dfd779a563b5beed4

SHA256
f4fb7234959f48c2b2ca73fd6c35d36eaf65d8c431d982a1ba208f5cdc766419

SHA512
46f49e5ac18436251778d1f50c027729a2442ed6541c3162d878720703e37797b6028d96eb1568c23ec5006fb022c8e05855e250d6a1a590f41e890866529cd2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\PVBTVGB2\www.bing[1].xml

Filesize
1KB

MD5
47fdd17f9ebabb538e555e5622bf6910

SHA1
6f95fd075c6ad0ad433444eb73b08804140d0088

SHA256
dbb9832ef249b730b9feb2ff1af3fa3d1e46bad3e552db47376d63c4b02bf36e

SHA512
0cd55170278b4055d719c2db4f8538f68456c75921370a6f64a4e61b0a688673106fc480202f7dd55a864008fcae59b4918a16bc97480b50c8026a982a2bdee9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EDUAX9CL\62fddf0fde45a8baedcc7ee5_847541504914fd33810e70a0ea73177e%20(2)-1[1].png

Filesize
557B

MD5
c309ae41848547064c2ddb7dc66b6215

SHA1
6d9801822541e4be3ed25137c4e53a249c85ba2a

SHA256
11848b5f1c8a7f294c6211c2f0d0dc83a8a28bfe1ef0829a8dacfdf475c5e5a2

SHA512
3ef32b52e7070ca0fa9a8cf06e49fe43d67da63fd3a0cd0985363f6223c758440a44e65c3eebc7d6cee0b1ca3aedc4c6ee78b7167fc4136d90539d6ba18d030f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GEU7PI22\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M2M1LSR8\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\T7EL5T46\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF85E2A71EDD530EBA.TMP

Filesize
16KB

MD5
d89cf620f41030d8b58b7021786ae09c

SHA1
6e1ee03c6a08b921b860fb567a3d2deec850ffa4

SHA256
abc22e4fe508eaf7986e4b328aadd4036a828d5f0a007ecca81b989f559c9243

SHA512
2067210aca0326ebc3e51c5fcd28ed6704e2fa8bef7543fc70242e0d34a001fa60faa77f7d3a22332961b7be7f765ce7d62cf4b768811c1ed750af206b36996e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\BandagedBD.exe.rtabyhc.partial

Filesize
112KB

MD5
402fbc0999cb0c517678676d31dcc578

SHA1
943db51502db80faad6c7eb76cc7094304a4db3b

SHA256
3b1a505b23715f16b1a8083f14f07b7bb619d1b42f74b2f5791cf5b02888bfdf

SHA512
b3793c9ab550103b697bcd75471bffac6d2285a9ee3910ba39ed21ae5160f8e8db57792d35633a5b36387cb131b65048a1db278f2c93d66c1d79d5829d1f6e63

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\BandagedBD.exe:Zone.Identifier

Filesize
616B

MD5
c519c26f366eedf9ca01d54715d40606

SHA1
804d353e676a59f6c97ba9fa375cf818a424d8be

SHA256
e1981d6f7776ed042f4de8f3a827ac05c86f7f07ca68bcbfaccbe316bc0f726c

SHA512
9b2777126f75056dfe42179a468acbb70c3d8a27f07c3a73eb6974f4a539a3d4f0a94371dc644038009758349328ba455d59347a80ff92d53e305a9df2997a55

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5FHAH0Y0\BandagedBD[1].exe

Filesize
93KB

MD5
175651765d10a98b4f7f139fc27a57c8

SHA1
b8f5cba2e331c3c87723ff1db262269975ee1a31

SHA256
f7d3f5051685c31d4178e977bb3369d280c169fbc875d84e7fe007053ecf9545

SHA512
aef7a6671577570ed5829a7c8a3ad8d271f09bc7f3a8d5987d5326bb4d49526343c12763e3a0c2131bc1effd9b4e58a126f74ecfcf87b1c0b24101b63ce4296c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
312B

MD5
fa75db9eda0ef043424bb10fbdfd31c1

SHA1
b63c85b8989d53cb2f6d9ef013e69482fef9298f

SHA256
cf27aa2416f37df89735e9234c7caedf06cd1461003b6739563080495960c991

SHA512
4908e2d97f774e242bf978166feef5882471d706cc8caa9d02e3f55ca5b7dae8341c669532b9ce5d430615b513b0528e7a25ed6d134078d20e87d6301104ce47

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
a1fe9a37296d8c1506a85a9d727a3a2c

SHA1
c19091acac83dfee7315c909f2bb2e7e955030b0

SHA256
406a4bfd68bc522d56c737e262e3e8c98c39a9f3be7de1dba94661f0cf2dc440

SHA512
81f02b96ef275f4bc83c905b0aeca3ce6ab992f85886408069c2b5be85a5af8bc15fcd9cafe9f670d01e39bce9d38e832b5c8d52684dab5795b2a9eb838b407f

Download Submit
memory/560-8-0x0000026068E20000-0x0000026068E30000-memory.dmp

Filesize
64KB

Download
memory/560-43-0x00000260680E0000-0x00000260680E2000-memory.dmp

Filesize
8KB

Download
memory/560-24-0x0000026068F20000-0x0000026068F30000-memory.dmp

Filesize
64KB

Download
memory/560-124-0x000002606FF00000-0x0000026070038000-memory.dmp

Filesize
1.2MB

Download
memory/3016-52-0x0000020738D00000-0x0000020738E00000-memory.dmp

Filesize
1024KB

Download
memory/3016-53-0x0000020738D00000-0x0000020738E00000-memory.dmp

Filesize
1024KB

Download
memory/3676-121-0x0000000000720000-0x0000000000742000-memory.dmp

Filesize
136KB

Download
memory/4192-7-0x0000000073F20000-0x000000007460E000-memory.dmp

Filesize
6.9MB

Download
memory/4192-6-0x0000000073F20000-0x000000007460E000-memory.dmp

Filesize
6.9MB

Download
memory/4192-5-0x0000000073F20000-0x000000007460E000-memory.dmp

Filesize
6.9MB

Download
memory/4192-0-0x0000000073F2E000-0x0000000073F2F000-memory.dmp

Filesize
4KB

Download
memory/4192-4-0x0000000004F90000-0x0000000004F9A000-memory.dmp

Filesize
40KB

Download
memory/4192-3-0x0000000004E00000-0x0000000004E92000-memory.dmp

Filesize
584KB

Download
memory/4192-45-0x0000000073F20000-0x000000007460E000-memory.dmp

Filesize
6.9MB

Download
memory/4192-2-0x0000000005300000-0x00000000057FE000-memory.dmp

Filesize
5.0MB

Download
memory/4192-1-0x0000000000580000-0x00000000005A2000-memory.dmp

Filesize
136KB

Download
memory/4412-93-0x000002568F100000-0x000002568F200000-memory.dmp

Filesize
1024KB

Download
memory/4576-82-0x000002375C6A0000-0x000002375C6A2000-memory.dmp

Filesize
8KB

Download
memory/4576-79-0x000002375C670000-0x000002375C672000-memory.dmp

Filesize
8KB

Download
memory/4576-84-0x000002375C6C0000-0x000002375C6C2000-memory.dmp

Filesize
8KB

Download
memory/4636-307-0x0000029CC9950000-0x0000029CC9952000-memory.dmp

Filesize
8KB

Download
memory/4636-330-0x0000029CC9790000-0x0000029CC9792000-memory.dmp

Filesize
8KB

Download
memory/4636-320-0x0000029CC99C0000-0x0000029CC99C2000-memory.dmp

Filesize
8KB

Download
memory/4636-303-0x0000029CC9910000-0x0000029CC9912000-memory.dmp

Filesize
8KB

Download
memory/4636-301-0x0000029CC97F0000-0x0000029CC97F2000-memory.dmp

Filesize
8KB

Download
memory/4636-299-0x0000029CC97D0000-0x0000029CC97D2000-memory.dmp

Filesize
8KB

Download
memory/4716-151-0x00000142EC200000-0x00000142EC300000-memory.dmp

Filesize
1024KB

Download
memory/4716-266-0x00000142FCCE0000-0x00000142FCD00000-memory.dmp

Filesize
128KB

Download
memory/4716-199-0x00000142FC8B0000-0x00000142FC8D0000-memory.dmp

Filesize
128KB

Download
memory/4716-194-0x00000142FC620000-0x00000142FC640000-memory.dmp

Filesize
128KB

Download