hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

max time kernel
29s
max time network
30s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13-08-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 7 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 652ec05128edda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9cfc864a28edda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1328314a28edda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "122"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{B484DF41-E23E-4107-A1E0-4E2A3176F0E2} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "1280"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 10 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	process
1072	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exe

description	pid	process
Token: SeDebugPrivilege	3772	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3772	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3772	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3772	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4628	MicrosoftEdge.exe
Token: SeDebugPrivilege	4628	MicrosoftEdge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

4628 MicrosoftEdge.exe
1072 MicrosoftEdgeCP.exe
3772 MicrosoftEdgeCP.exe
1072 MicrosoftEdgeCP.exe
3016 MicrosoftEdgeCP.exe

pid	process
4628	MicrosoftEdge.exe
1072	MicrosoftEdgeCP.exe
3772	MicrosoftEdgeCP.exe
1072	MicrosoftEdgeCP.exe
3016	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 1072 wrote to memory of 4084	1072	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1072 wrote to memory of 4084	1072	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1072 wrote to memory of 4084	1072	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1072 wrote to memory of 1444	1072	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1072 wrote to memory of 1444	1072	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1072 wrote to memory of 1444	1072	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1072 wrote to memory of 1444	1072	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1072 wrote to memory of 1444	1072	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1072 wrote to memory of 1444	1072	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/Da2dalus/The-MALWARE-Repo"
1⤵
PID:1608

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4628

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:968

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3772

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4084

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HZ6Q90KN\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFB0C46DDAA023562E.TMP

Filesize
16KB

MD5
4622420589c12967510587be4fa55105

SHA1
c6681c0483307d591ad6ca4917ac70eb6d39816c

SHA256
81cf4b7dfc577fa9a103622388a20f7169aa5e47e73ba945fd24dbff81bec919

SHA512
2357fef0d9cbe85010a3d8c98fbad02fbfe33cca58ef31b3a9c34e5beab6f927155851f28882709d5e222478944db782283f10340fd2fee41dd4158052c81f70

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CILB2OEP\dark-6b1e37da2254[1].css

Filesize
48KB

MD5
96ba1deb375c1c66bb092fa0a1765be1

SHA1
03f188ec52d09882b8403ed57d7aa73a224ddd62

SHA256
d6bc29d6a4e33c7f4da1d4b8060cce6dedf384d7334b71661c277e985ef8c156

SHA512
6b1e37da22544d5626c6f78691a8d8f723c49c95a782f5195f4b00b0e1b9d4408402c25d5915e097ef31273c3c8d06d81d1ba1bb08e12677941b8b1f24d92848

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CILB2OEP\light-efd2f2257c96[1].css

Filesize
48KB

MD5
b8473fdb0f4749de99341662aec850f2

SHA1
f593c957a26528558217837aead34cf718d27443

SHA256
8aabc55d211fc93acb563c9cf30732577212a998196f73b067f9795c8d1ef72b

SHA512
efd2f2257c96c12eba6da741c677030ac63c34a925846080ec606e5a974706726479bd5babea6dd0ac7e8e421704263787986fb07a9c384994cf403bf8bc3dee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JKE7A3GY\primer-bbda46ca867f[1].css

Filesize
333KB

MD5
77d264a65da1bdf6226a7b14304b56dc

SHA1
8925706abc2ab2aa391b2b6a9cc58b4dc8ba841f

SHA256
a2b62581aa107332cdab817fa60dcf7387d60e10fef392a98827abdc8e57ea75

SHA512
bbda46ca867f036551a1712a90c927f0b16dd413900a1c25dd022c8e80c54864989365097d4309b027f0067f0e57647357d19e48237da8b180079b74c9b702ce

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JKE7A3GY\primer-primitives-8500c2c7ce5f[1].css

Filesize
8KB

MD5
e9c08b9ba681ad6606bd18f264e73ef6

SHA1
04d1e96739d82e07587f10bd2d953c8e70b93d9d

SHA256
b08c9718118f5b814e632ac3dc0d8e009e5dc2913df183f0ed322e6817e997df

SHA512
8500c2c7ce5fdad5fa01aa92156964108335c704a127ce290d201395009914c814ac6e08a467e45d1ca0fc75b2269b7f09a6d437939d91c9513c659a80cf472e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\code-34406d39e629[1].css

Filesize
31KB

MD5
ee14556fc6c8c5e35d7acf63edb7c840

SHA1
6e106d8fb2bcdbf90a553b2db5ad3faf8b5b1d35

SHA256
e98b22b626274eb24481f138c7aed6681b3ade70d4427bc0cb05ceccd9ef4a61

SHA512
34406d39e629a65f5162757c5142f9b02149d2d18caedf15a528315a5dddccc86f3445c852f7e42a2979004b3c07ffe62c1b0c13cf5b60f6b8a06e5836027b67

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\environment-cd098098ff2e[1].js

Filesize
13KB

MD5
c946fb5a94c699f0b69bbcf7e85dd938

SHA1
81f6899e9f2d5e0357cb42792801c38f31e455a6

SHA256
29dba15e8182dbf52cd9dbde2287d57fdde0f6fb2e4dcfa0ee8381ee099f752d

SHA512
cd098098ff2e8f8b50d62e959c8a4190fc01fd7f96b651005059d18e0ac9e0c24ebeec4011308e7dead2614f83f2d3626ec5bf14e3eb1be8eb159042dd7432e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\github-cf4e90581e80[1].css

Filesize
125KB

MD5
17dd5ff830e3a3b0d60eba96196eef76

SHA1
d191b957af007ae7ae2fdfd8b20d0ab3fc1ea274

SHA256
42681431f54d4e9bbdc102af4d2f3de9c5409507dc6f89abed7813f6461cf3bf

SHA512
cf4e90581e80a8f0d3aa169f580d171911d61d894301808bf51e7c2facfc6b0e5338f22f1af3253d20c94e4e56ca905fc5d0e1d8ce46fbcd03ed976d18ff86d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\global-6f01bc73955b[1].css

Filesize
285KB

MD5
d6812d1d48e66ed6a712831148f3368f

SHA1
2f5467552f20463a132e84586927777ddc40f4f3

SHA256
d7a08128a2e72d4a5afc37419dbc3d0cb64b1d874bc28a5129cf47b115a994b5

SHA512
6f01bc73955b50e5482a3d1f6f49d4e5696c416d5e5a93f1ca65072200ba40c1034813cbadb83830baa46589a562e0f2255107adc4d3a055218e5aa6dbd78ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\repository-992e95451f25[1].css

Filesize
29KB

MD5
ba1468dd22fb87a14c2e6e2204531deb

SHA1
ade22d3c001f90fb4998709fa1062c2964742ab1

SHA256
d47b5116f66ce8d8840e44fbcee18453ec46cd6a12f863308a1f456380c35707

SHA512
992e95451f25275a9263e398d325f64591772d9ac887be883b8ad97e09008bd31a0e2f59f62c0cc97a983cbaba7b20bd4ae49748a834c1862323bac59e318bf9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\vendors-node_modules_dompurify_dist_purify_js-89a69c248502[1].js

Filesize
20KB

MD5
36f04458790e19bb99bd77a1cdc16295

SHA1
8f25cd75135fec8c088728f53d39dcc21d375fdf

SHA256
cfac43b55a6b86258b9d3495eff18f26f598313a14cf76a3dbb1e3e7fd341f00

SHA512
89a69c2485029e3393d81637b2eeac776d0765835e6ffcdddb1394f4421c5236b5cfee873568736d8a233b6c9bafe6ea828d2b718133aae8f0d22f220165fb9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_smoothscroll-polyfill_di-75db2e-686488490524[1].js

Filesize
15KB

MD5
e3f26045b6c949207e83b64a3049fb97

SHA1
93d1e9454d48afdfd846149723dcf845804552e2

SHA256
0aec79ad0107317829bd0d38cd83a44a1e3a14c9c62b7d1590298c4caa56ac0a

SHA512
68648849052442cf704c50e9abae2eccc3c289c388c4e4a7f32071d2878cb6c1bdca49a401fa820469a90658543fa1ff92649d232fcf0f94955a2872ff0899a1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\vendors-node_modules_github_relative-time-element_dist_index_js-f9b958f5f2df[1].js

Filesize
15KB

MD5
46afaaf3a6253f2ce9568db9e301ec8a

SHA1
b365c36e165567048bad614c98baa22bef4b9b91

SHA256
7ef807f7b9fe45ec17faa06e235c7adac46227f7589b91653fe4e0ae3a7a0ff4

SHA512
f9b958f5f2df5e85cfb021de43dac548c271eab2ddfa4463c213d7bf311b7ea3b7b93b7231de9834db884bbe53b012b3a1dde85eef9c6daaf46609aeb446fdb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5[1].js

Filesize
9KB

MD5
e131f8c9b77918aeb94fd82199a423d6

SHA1
71eaae086cd44a8904f39d27fb5387bb957976f0

SHA256
01f9a0ec0bb24312ae0395b6aa238f8d910dc35c08ef5a25a1e9cd8feac83c32

SHA512
f690fd9ae3d5a240e479fea97ac82940f136f3f2e0262cac840345f2b956123117ca94424dc354d90d13f1c0169c24b19526505bb2fad70c8c364899474a9495

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2[1].js

Filesize
9KB

MD5
2eb9961e08f81bdca617ddb67c2fb708

SHA1
15cb6d7ffe93324b38bb62bcc4ff14d1a57f94bb

SHA256
0f2cd40ad364711db1fee03cf9f6ca04fc56f5c3ba497dc476c5879e129d968b

SHA512
56729c905fe263a6b7978bc67c09b8dab69592e21aa9addba78866790bdb2dbd85e41e6a6663d511e73a8edeb75933b549b3c393a465748790a6fd50b337cee9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-c9086a4fb62b[1].js

Filesize
8KB

MD5
19e28fe2dcffe5582e6352b53d0b22ce

SHA1
1e656d3443915c4e4bc9782f4366b4eebcf45720

SHA256
345e3daa928a64bc11b3778cfb36228d0025c260defa0b78e4c0ebe66c419737

SHA512
c9086a4fb62b90cd43e0a47621528a23582de79c4bdb1b2eac386f8e331c5ac891aa69975fdfb487a4cf508852c1c3ebc2df24e00ffca5443fb6e22f3b3ee99c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LYOG6IM2\wp-runtime-55f0990a7891[1].js

Filesize
52KB

MD5
a1898de750be1224e0c41d11a5311bd5

SHA1
b07d3646869b0081c7d67c85cd7d48e9981dad91

SHA256
8d64ee72d45722a999b32f5ef3d9c67999c086d45cc05b95d4887bc2cb0d276e

SHA512
55f0990a7891df41a238d10c64a8ba298a349066fb8f49e65d59a07a522162adfb29b997ff389f4493e9b861b2a596a406b57a58df489932253fbb453c4c4784

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VPH5IKN1\The-MALWARE-Repo[1].htm

Filesize
298KB

MD5
8949938e72ed0103996b9a2525c82ab4

SHA1
60de97a68a106048d94a180287b88cdc95134129

SHA256
bacbf19898e4f54a5723fcf3a61df717403c5549ab76505f3d3428235374fad2

SHA512
4a1c907f5eec6b78c2de15a5c241a1ae9a7d1e083d7c2dc6458f03454fae5b6fd534ec5cd88791e668966a5cc4bed083ffab9377e60e7f0c12b428fccf950150

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OZOP8RJC.cookie

Filesize
169B

MD5
b52f4f581dc9eb8cfe7fbac31efc901e

SHA1
e0acef04a5718caaf09c68d8de88446cf786245d

SHA256
5a0d9f6c9312ad5ec8eff0f3d8f867a60e196ca684d862db2d83ac5188400367

SHA512
7f632d42df45db2e2afc06e0b6ad5921d661168e2369a81a1d353d6c28a505bba73b7d2d9b7139ea21767dbfe15490435d063378e851e58d50bf8815e09de28e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
280B

MD5
3fe1f7d25165ed35f2d2e6a21f7f424a

SHA1
ed43b14e2ca280aa6d26d7ec3c432f347d49ab22

SHA256
84008d9eeb2c23c3450a067e00fba1a75f6a349099b680e193948f2888407e97

SHA512
41d0646bfb92b8e95cc23d4774453f0b3a3a189df7011c187b9d8f77436f0c04c235fabe8c52dcc125d97e87e62bf1050e2e626faea2b78bac9757522aed15eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
27b4ac4d33ea87ea34c6bf4463e9f5fe

SHA1
e4dac1f826d4b0acd8e1f247fe95fe5847eb4809

SHA256
95999c081ad63d5303fce13b5f586f6a82d9c795ea7fcc76d3b3e9f45c34c023

SHA512
f359086dac50291abfb54790d7d3d0486ab90b8dfd31848a44861a79a81ac17474f233aad97c7218301a41957da367a2913dbcf54cb5a298d1a6c35feda22851

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
980B

MD5
5d6dae1d7d3c9fc51cfd907674ae2459

SHA1
c027d7158cbe1da2953a70d6790018092a4dd999

SHA256
5d95365c08dd688efe20765e3f6a3b6b0c4870db4c92edd27d5f89d18ac6c4c3

SHA512
5406b1f7817544d06d5fd47f630e629c0df7e54d16c23b45ab0916bad823bb3390f20c82643aac59064271fbd349ce219e1348389c4825286731fa5beb53747b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
480B

MD5
0baf8e0828332f180ca99d376a598269

SHA1
4e1dcefe2ac228ad76c9cdd8ebc13a5ac1f0c93a

SHA256
eb6e1df6137dcdf7e804845d4672e70fa9c59cc548d764792801eeced2dfb27d

SHA512
a27dbbc66d739c9e1ea1584ea50f9ae802338aefafba1d482f1edf78656480ab59c3a186f0b9d563c107c6e00db811b9695d421b1d37b3a98f68767c3b8fdd80

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
adee694195b077c919d4cb824ab00c80

SHA1
ff00e2453fb9fd5365465a4f53ba02b8267ed58a

SHA256
df4970c1654295f7ef0a10deb997cbe224392c8c158c8bab3ea36c78e5a05d33

SHA512
e00e530477cb9511ce36738cb51dd3ae9d750ee4b621261055f9a3aa7e82cfacf25dc132b8925e86ad32a65cc0a919d6dc283f39291bcbe80afd8d15d83d2fe6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
e974e4cea356d39d83c93953b8a782af

SHA1
9ec828d25c25147077a9691e5a87374afb79e5cd

SHA256
b809a9ab88e1f1ba8b6056826705fd8993951383e0b376594d653ef75db597fc

SHA512
df4877a102bca3d10adc249036cb03d299c73584e097ccf3931cff98453f4f6a46038223927b8b1728411ef70590927bafdfd99ad9bf1e6cda456758a6455fa4

Download Submit
memory/1444-237-0x0000015753100000-0x0000015753200000-memory.dmp

Filesize
1024KB

Download
memory/1444-241-0x0000015763AB0000-0x0000015763AB2000-memory.dmp

Filesize
8KB

Download
memory/1444-243-0x0000015763AD0000-0x0000015763AD2000-memory.dmp

Filesize
8KB

Download
memory/1444-245-0x0000015763AF0000-0x0000015763AF2000-memory.dmp

Filesize
8KB

Download
memory/1444-239-0x0000015753100000-0x0000015753200000-memory.dmp

Filesize
1024KB

Download
memory/1444-238-0x0000015753100000-0x0000015753200000-memory.dmp

Filesize
1024KB

Download
memory/3016-292-0x0000019040720000-0x0000019040820000-memory.dmp

Filesize
1024KB

Download
memory/3016-263-0x000001902FFC0000-0x00000190300C0000-memory.dmp

Filesize
1024KB

Download
memory/3016-288-0x0000019040640000-0x0000019040660000-memory.dmp

Filesize
128KB

Download
memory/3016-303-0x0000019041160000-0x0000019041180000-memory.dmp

Filesize
128KB

Download
memory/3016-280-0x0000019050EE0000-0x0000019050FE0000-memory.dmp

Filesize
1024KB

Download
memory/3016-264-0x000001902FFC0000-0x00000190300C0000-memory.dmp

Filesize
1024KB

Download
memory/3772-44-0x000001D5967C0000-0x000001D5968C0000-memory.dmp

Filesize
1024KB

Download
memory/3772-45-0x000001D5967C0000-0x000001D5968C0000-memory.dmp

Filesize
1024KB

Download
memory/3796-64-0x000001C84D100000-0x000001C84D200000-memory.dmp

Filesize
1024KB

Download
memory/3796-63-0x000001C84D100000-0x000001C84D200000-memory.dmp

Filesize
1024KB

Download
memory/4084-206-0x0000019683DD0000-0x0000019683DD2000-memory.dmp

Filesize
8KB

Download
memory/4084-203-0x0000019683DA0000-0x0000019683DA2000-memory.dmp

Filesize
8KB

Download
memory/4084-222-0x0000019684810000-0x0000019684910000-memory.dmp

Filesize
1024KB

Download
memory/4084-208-0x0000019683DF0000-0x0000019683DF2000-memory.dmp

Filesize
8KB

Download
memory/4628-0-0x000001D0F4620000-0x000001D0F4630000-memory.dmp

Filesize
64KB

Download
memory/4628-35-0x000001D0F1CC0000-0x000001D0F1CC2000-memory.dmp

Filesize
8KB

Download
memory/4628-340-0x000001D0FB5F0000-0x000001D0FB5F1000-memory.dmp

Filesize
4KB

Download
memory/4628-341-0x000001D0FB800000-0x000001D0FB801000-memory.dmp

Filesize
4KB

Download
memory/4628-16-0x000001D0F4720000-0x000001D0F4730000-memory.dmp

Filesize
64KB

Download
memory/4628-377-0x000001D0F1CF0000-0x000001D0F1CF1000-memory.dmp

Filesize
4KB

Download
memory/4628-374-0x000001D0F89D0000-0x000001D0F89D2000-memory.dmp

Filesize
8KB

Download