hxxps://drive[.]google[.]com/file/d/1m50r5Dn9dAYj8yTucQI_yUbjksrLws9C/view?usp=drive_web

Analysis

max time kernel
77s
max time network
81s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13-08-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1m50r5Dn9dAYj8yTucQI_yUbjksrLws9C/view?usp=drive_web

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
2	drive.google.com
3	drive.google.com
56	drive.google.com
57	drive.google.com

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "4631"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "4530"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7c173525afedda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d4252745afedda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5da84f3dafedda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b8032425afedda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "752"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "603"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1044"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 10 IoCs

pid	Process
5096	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1032	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1032	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1032	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1032	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4400	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4400	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2840	MicrosoftEdge.exe
Token: SeDebugPrivilege	2840	MicrosoftEdge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2840	MicrosoftEdge.exe
5096	MicrosoftEdgeCP.exe
1032	MicrosoftEdgeCP.exe
5096	MicrosoftEdgeCP.exe
2776	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 3068	5096	MicrosoftEdgeCP.exe	76
PID 5096 wrote to memory of 3068	5096	MicrosoftEdgeCP.exe	76
PID 5096 wrote to memory of 3068	5096	MicrosoftEdgeCP.exe	76
PID 5096 wrote to memory of 3068	5096	MicrosoftEdgeCP.exe	76
PID 5096 wrote to memory of 3068	5096	MicrosoftEdgeCP.exe	76
PID 5096 wrote to memory of 3068	5096	MicrosoftEdgeCP.exe	76
PID 5096 wrote to memory of 3068	5096	MicrosoftEdgeCP.exe	76
PID 5096 wrote to memory of 3068	5096	MicrosoftEdgeCP.exe	76
PID 5096 wrote to memory of 3068	5096	MicrosoftEdgeCP.exe	76
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5276	5096	MicrosoftEdgeCP.exe	81
PID 5096 wrote to memory of 5276	5096	MicrosoftEdgeCP.exe	81
PID 5096 wrote to memory of 5276	5096	MicrosoftEdgeCP.exe	81
PID 5096 wrote to memory of 5276	5096	MicrosoftEdgeCP.exe	81
PID 5096 wrote to memory of 5276	5096	MicrosoftEdgeCP.exe	81
PID 5096 wrote to memory of 5276	5096	MicrosoftEdgeCP.exe	81
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5276	5096	MicrosoftEdgeCP.exe	81
PID 5096 wrote to memory of 5276	5096	MicrosoftEdgeCP.exe	81
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79
PID 5096 wrote to memory of 5804	5096	MicrosoftEdgeCP.exe	79

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/1m50r5Dn9dAYj8yTucQI_yUbjksrLws9C/view?usp=drive_web"
1⤵
PID:588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2844

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5096

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3068

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5804

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5168

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\KFOlCnqEu92Fr1MmSU5fBBc4[1].woff2

Filesize
15KB

MD5
55536c8e9e9a532651e3cf374f290ea3

SHA1
ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2

SHA256
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf

SHA512
1346654c8293a2f38dd425ad44a2aa0ed2feab224388ab4e38fb99082769bbd14d67d74cac3ce6e39a562a0812f9bce0a623be233f9632dcb8d5d358e42f2186

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\cb=gapi[1].js

Filesize
122KB

MD5
7d41ce8af12a1020f76d0d4620a30b79

SHA1
913cdcd6daf53cecb2639d9a451c4f1f88071d9e

SHA256
2b4ae5731b6361fef2a0b2ea0d005ca674d5cfa837628dc8acf4140b2c8b3843

SHA512
f42cd6041d26407cb75ab57788a71aab626d3a94c50a2a4a04dcb6c89fb728695c44054c0dd79e3c2824bfa9188d6ca8e7a3cb71e6eef7f645f93839147ae0f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\m=MpJwZc,UUJqVe,sy6,s39S4,syn,pw70Gc[1].js

Filesize
6KB

MD5
fd11c6ecbfff1def3629662fb3b973d5

SHA1
ce7af3298b19a7495e8bbc463e8e404f68920117

SHA256
ae792fc369868c53895c2051ac1a2256ca99b29a1c0d2ec301c697fc695b661e

SHA512
bbec488d4cfeddd7d9ffd64bafdfdbb1b917f8aef6ec35d0af5647eba92e7ea0a448236532281701c2f2543682d5f22f3fb32cbdcde604ff05072fcb8125cfe8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk[1].js

Filesize
15KB

MD5
3ca333226769f6188d7021e62ab41610

SHA1
de53ac8a3630b8ee309505e61bfccb28960eb717

SHA256
3ba451b7f3de4c3ad7872977b92ac8878b9a4f0d0c5712ebe5c812fc1b7ecf5e

SHA512
8431c766c326f8576f181a6463e72bbb87a195693f8993ff2fb0e380acb3ad47736ff1c2f5c6c59eb9574215d4f513a0e73c1228fb248e19f0530464293cfb59

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\GBC7SW8E.js

Filesize
253KB

MD5
fbf7d3901aeebbbe96a9a2b4b20de276

SHA1
e2823f1968681b31b653a4a36473d0beb7311956

SHA256
d717e3d562c1a860b683f8455ce0e98378ea57af9a20531dcb940db302bd9503

SHA512
e466a15a8cb06dcd144073b10bcadfc9a643094713fa1c4f8daaf4ce1057e8f09ae966cb866707561d720cedfec3a81d1069a289513954604b2b0a3c710cc245

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\lazy.min[1].js

Filesize
119KB

MD5
5c1a4b68757b6ccd39b595a2441d7c3c

SHA1
1be90dfa833ec7bdae7220da8feb734aac38e215

SHA256
ba07bebd73cb37c8c14ff99d766a75062b33479eff7365e9c9cd37e2f709eae7

SHA512
6ee9dbec35c999c9b7c22140ae08ca1e325ca568d27e09f68d471923cc0fdd2b8f6009d167e2898d730116cff220f22415368b3d3261d3b25fe5a343185199f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\m=RqjULd[1].js

Filesize
21KB

MD5
40412c46fa8867bd0666b04012d23c6c

SHA1
b5a48595652eae9adbc1ab8799d53cb332fe4240

SHA256
e4def9d3a3f4f9d79f35eb11241ae2b8b6d6bb70c7f707bec0a4c938d5a993aa

SHA512
c38849867c52206d89c91e7f35a7f0795d79da62006ea279d0233ba45f6fb5f69278e2396f5f2b525c374b0970b95ff0458b69dfd85bfcacb9b2ee9526fcdf15

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\m=_b,_tp[1].js

Filesize
188KB

MD5
c162250c4bb3b3ce35bd2f2449193711

SHA1
5e52b88884d49e98ca996213f1ba2a89b022ae30

SHA256
c12993d5a62acf6909a3143aee0f8980eb70f83e762909d910777a529305bcd7

SHA512
71e600ea283386442a59daa79bfafc33f22406d2af5a99c947c4df907645e560fd1200929f7812dcf9ad846809cc9588f93221cd376fff0abbea1f276d638ab0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\rs=AA2YrTsXU5hjdOZrxXehYcpWx5cYm18ejw[1].css

Filesize
3KB

MD5
742477c1b19afd7b231a7ad135dde15d

SHA1
a79f8f261ac55a18e244e1cfd02c2797ee9162cc

SHA256
c8b5963c22674e7ae4e79654c6b7f6e4120f6b637dd81594a1ff5ce85b07345f

SHA512
aa8f36c81af8b33fc66c0dc46b1dbb5a46fc25e6aa07ae3bad7da9b4d291c38039284c59e5c27657ca94a763499904cc142c511e2f1af174e5e4033196aa106e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\rs=AA2YrTsx42cCC4whFxk9cLqDwhTgb_zhSA[1].js

Filesize
228KB

MD5
b7b99e7cb43c7d52bce32952ae8c9bec

SHA1
6ecd8c1cc9241f45bce8e2d6a10443afe527bf11

SHA256
7fdd54a9186b989c1efb06ceea9c5370db958ce49ad5bb95908ec1b6112cd642

SHA512
ac376339f0e7d0fa80e41a362c0e67a56bbba0db11cc70d812aa1dd54d4f3489a147d516b0384668e0a0ddd9330352e36cbfdd484cf9bc853a36f115fe501c2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\m=bm51tf[1].js

Filesize
1KB

MD5
62059dc4c4dac030951c34a7e67fd6f0

SHA1
eacd58bed073e3a765479517425cfe59e0280a6e

SHA256
590508e246ad0d8ab94e0415a3ecf61330483ee55e30281d4a569a5d65ae6fa4

SHA512
84efa1a3891cba4b92aba52938a4aa9f4becf81399f728e5cc95af3add98a7804f3aa07fb5540deefc78c0fb7fe924044bc4d45c413f08e7814cb21499c94a28

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\m=v,wb[1].js

Filesize
1.8MB

MD5
815e48dcbbc27d8ad4ef542c94d0e478

SHA1
e354505bafe3718c2c7da2b6eb3ab42d55a3195e

SHA256
6659b873e6612a7d124925ef3ab488eb16aae6168df07eab1ee120d8a3fe59fa

SHA512
050a6612f9b1583f3e33c7c97a518439b2d9bae562457439ddbb17c21cc200ea3ae27c5a96f45e11693f74909c14b5e86a0f45a8666b493438f4b9e095bb9172

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\rs=AO0039snslbYrNryBRt7i8qj5hZ5UpWU3Q[1].css

Filesize
2.3MB

MD5
8de9fffcea9fbd60deb7c260639ddd53

SHA1
f5096b47dab6569e3fb9459de3370736e48f1678

SHA256
432e70ebc941bb683048d65e0282ed9652c9058b9d11e49ae5baf35b54a8e993

SHA512
3de97f2eebaf9e5d18f665a9b2a0601cebcf089e077c835d08599d96a6f10c6b2fae7d7fc025cf5e0913e1fabc56af2e73be538dafa87534b1c1867d9a9c7be0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\KFOkCnqEu92Fr1Mu51xIIzI[1].woff2

Filesize
16KB

MD5
d8bcbe724fd6f4ba44d0ee6a2675890f

SHA1
d276fd769bcb675f8efe42ebe3003c1d3255f985

SHA256
aa4650a411dfe1c9beb794ffaf08c7909cdfbb05672d79b3a9976672cbba75ec

SHA512
23f757ea3afe6febe1e8ea935f0ee8690e1b1b1da511788b529cc2fc38f7e454153cdba6f84a6a0e19b294e5311625a03617cf98aac150f17b88a53f3ed8b72a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\KFOlCnqEu92Fr1MmWUlfBBc4[1].woff2

Filesize
15KB

MD5
037d830416495def72b7881024c14b7b

SHA1
619389190b3cafafb5db94113990350acc8a0278

SHA256
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97

SHA512
c8d2808945a9bf2e6ad36c7749313467ff390f195448c326c4d4d7a4a635a11e2ddf4d0779be2db274f1d1d9d022b1f837294f1e12c9f87e3eac8a95cfd8872f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\cb=gapi[1].js

Filesize
206KB

MD5
01aca6d674132913ecbc9db2b2d9ad03

SHA1
c9fb646739e2ed2e18869867e3fcdd9364ff046f

SHA256
f41d574aeffffe2094c610397398b37da40813e31cded45f92037c49295f4d15

SHA512
c96ab1a80f2db279ea53f8bedbd1b2feb17c3ac7ff29181235883d78b065fca21c59c832b04bb6c50fc6cd56287f5fb7977a1d9a2dfb5c7ac45443d86f56bbd0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\css2[1].css

Filesize
609B

MD5
c9416551b401e8ddc4cd642b1348d60c

SHA1
75d238de4bcef07ec6afd81fa38a91a3a55adc2a

SHA256
cb7b5b067f94b97f8e98d0c0d0e2ef2add7725527ad7ea726ff7d6702f1eff9a

SHA512
b7b3054284b982026adc743f27da8d89050546049471cba9e380086a56dc01749041e237b932e187b566445bdc380ef3938c4f7932e33a6005344f7ccb14d5c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\css[2].css

Filesize
800B

MD5
179833a46cf004323d697ec583d1c0b5

SHA1
d67abe32e5acdd166bfa9043124b95c0ec05bd7e

SHA256
fb248ea03e7b4f21745d262e1974ab61e7acdbf2621a22332cde5fb29b5e5f72

SHA512
59879fd2b6d1c760ce06a58c3b1d0915a923fd3e938a876323bfedf40fec4b41a85b2be6db09aa4396d353632c35a2c52a10ffe04aa73044936379a4f2fe54df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GFIKWQ4B\favicon[1].png

Filesize
7KB

MD5
9e3fe8db4c9f34d785a3064c7123a480

SHA1
0f77f9aa982c19665c642fa9b56b9b20c44983b6

SHA256
4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

SHA512
20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\K8171U3A\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF20FD167C8DCBDB92.TMP

Filesize
20KB

MD5
e309103ea16a0b82e6b63ce5087b21d1

SHA1
bae725610254ca54c327afd7f3839eb218d95970

SHA256
bb41620e19d224e140a6afa7f579aae4ed2c64c7adc35471074ae584d5a219f2

SHA512
dd5e2221ddc0fc3204059c17e4ae6f14a1c89f361a6fd3ac0c7cbde1899120716ff1d0818e585e273061f9c421a9f7970db2fa35345ae6b9e48266a120c933df

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\callout[1].htm

Filesize
31KB

MD5
a695ca799270f72ba0ec7a2b9aba63cc

SHA1
ad4c4580837d3050bcad502469b9c4594150bb66

SHA256
7fc5ccdea19ab9b4f7485113edf73aea2a767efa879b0decd0f918b1e9664c9a

SHA512
c39b2cd680c0156aad91513cfeb180be363f09b12d1f42dcd103539cf0f5f5abed217f1ff1bb489fb5917a245c0d8c6eeb5cc9e47c824ae0cf7d51c4839a976a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\Chrome_Owned_96x96[1].png

Filesize
6KB

MD5
c101133ecb2d66f0ea98131267d2a10a

SHA1
8c038b9b39fa23e0ad2226f0016bf51fa0b86e37

SHA256
e3654539251df82d59096e81c875d1244ffb7ab92dbf3ce26f63f675121d8918

SHA512
751e9bfd75d1685a490972fe0d40fdbcda97607f6a500d051b400b002ed8c1d7cf9dab019388b74796c9afeaed4e317ac6b40a7e936d234536aeb0cb6c0d8434

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
203eebcd8b36613f0b6ac93d0d39352a

SHA1
8ff94309fc8f76f7fcd29a51b6b835e63fd7d8df

SHA256
56dee0c1fb3cd8e0ab40d11d3b8d43998d7cae7b37da9bf1d93d134b2eaeaf58

SHA512
34b99646afa0fbe8e21ed3e758ec68fdee8967b596dfcb87cc6d0ee9de607cd86fb6aab15e34d41ca71cc49372c454f570edcbda7f12f7adf87bfae3b8596e3a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
472B

MD5
50a4a7906805a60318bdc9facec3b573

SHA1
29d050938a52790e6cdad72830da0e51f0eaf125

SHA256
d84de05fea477287d6a301c06e74d4cb60b990b10bbddccb8e38c1cb9006455f

SHA512
e74bab55f9ea07c0f26f139815cde1e2e45fe114ec7586820faa0b8f087eb862a93d73361b947146be566aa5f02e34f23b17ae410b94cce4e8cb323e05d19b9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_7172B2D154CEE636221DEE2B89A92AB1

Filesize
471B

MD5
b0c4f0538def511e8d9f78e7b5de4fe0

SHA1
d0fcdc1f218c8fcd1385632c42d5a2eaedf4348d

SHA256
3e0e9f63089f9b61b4cd4a792cb1b474373cc94aafefeac63bf8ac64b40c25ba

SHA512
24ab6f5cfb77c0ef0e3a2c4e95359c9b64b05e8ec1bd9335eef9a4fa965b7e2947ddb4b3d6c7b3fa5add1b928435e5091af4fc276e6451993d9b1b7dccb9991c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_5CF45833F44BFC2995315451A3896ACA

Filesize
472B

MD5
ee93ced4b766052b2828fa26dc4523e7

SHA1
061c512f4d92dd8f12ec7c24b166e8a73af4a15a

SHA256
77e3042714980693b0460e0b9ed96b1c375a37da40b44bcf36bf6365becee8a6

SHA512
79d5e8925bdfdc412abdf6cc6e9d71493f3ab32d27907169d5328077a9d4ce648d8c796c611e60378ccd33ef1a05a2d1e43baa24b5a1155934c1ac614c39717e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_0FE7F9E544828605E8602D3A6629EA0D

Filesize
471B

MD5
a76c168cb62683f5006d24aa07c4756b

SHA1
823de448ac59ef1bef0d8b9bb3c47a67ed7fc291

SHA256
d4cfeab02a4e10ed5c94197e50c9419990bdf556cc00c73de793f4c99c718f02

SHA512
bf35070dcadfd5959ffd2510256d30df4ffb09c85acd1389297c8c07d011da2a3a13035cb7936cae6d756d69eaa17566fdb7f36e755d9b1d2e01f058ff82fc3b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552

Filesize
471B

MD5
b89424bb626b300ff7adfa1161c6de25

SHA1
7796796fcaf3a7d189778e7d6f2ced532002d8a7

SHA256
c3a38c2962568975563281bb01bfad14d2a3b2ed79cd6ad89cc37fa742f4b7c2

SHA512
1c67cfc69ce5e244c3e12863e2c3ffbe5aca1fa55c119d9262378454442da4509e53abdb4c40febde8ad34d3b72dcfe3a579a3bfd79e49cfd1d2ee3cbd27aee9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
946a220cbc49747e81eaf825d59a4fcc

SHA1
9bae83bfb8c33ce90cd30bd8451f822ee4811b98

SHA256
0929c09eeb7aa476cbb541dee3112a29ceb84b44067029fa2d63023286d7230c

SHA512
07b3abc03c5053fa0fbf7db781bdbdba3619517c5b5f76749319f3af2efcee68b70d01f4a1d85da28100873f51a573b6f0f30ef8c0da8e08185fdbb69b3482a1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
bb617f6b69e5beadc252ebf9a75db61f

SHA1
667665db761e786eae41a7b1852dc8c47b02d1d7

SHA256
982e1e1a0245486c7391c2b348fc376a0773ea47f543188eaa2250e7f858b8bb

SHA512
8caa2d039e5c909910f4d8a3a8c5c28d103f166fb089a6cd175c2dad648237f3a65a32362ee2a5ebdb4ffac752d4dfa5f3db8e9a1dda70b0bb1f0ec733de9661

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_BE32D9F1882B93E37445F58E05C44495

Filesize
398B

MD5
b53137efaead4017c338eac65bdffa9f

SHA1
d87aeeb5a9007cfbd1636b9ac101b1185946eaca

SHA256
0852c7ba2d0ca7c6cd1f562555d405d7a89064c430a7259454a6401259b9f8fd

SHA512
fa771d53baefd6e14748d0db1a4f4e3da285dd593303f18c2989890e3ff607f71870fa90ca05e3be141954ffa249e672b7371b2fa1261e51ae351e9ff933616e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_7172B2D154CEE636221DEE2B89A92AB1

Filesize
402B

MD5
8a9859efbc7220cd5d1af7912281ac85

SHA1
d4cb5af42f8fa40376ec8a23bfff6cae11356b94

SHA256
5012603630b5f3edb6cd7152802b84410969fb1f21ddb1b880e5b9261e5db46e

SHA512
17c0bad2d9ab5cb4b81ca97b90c0e528038eb04e10ddaf0a193feecd09edb0010195d6e6a11baaedac27decc688a9e270b482e7d26dfd38aec23733630f2db54

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_5CF45833F44BFC2995315451A3896ACA

Filesize
398B

MD5
cb4b1750acefb582d60695b636a8f4ee

SHA1
68f6bbe080a20154cf4105656639e61475d3f1d9

SHA256
5a3a0d8c3aedf9084c6db30899ff8b9bb5ea3605515055ccba3b1cfa83c2c94f

SHA512
7e1f62ee3d951748ae6792087b9fb722021574e5bcd014a839aa32a9c1bc018fb34448876045f3e5d222f5b52b6d924701dc691a5453c05e1b5927e4157c0573

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_0FE7F9E544828605E8602D3A6629EA0D

Filesize
402B

MD5
d74fdab1baa094b2c88b0bfa6cfc7884

SHA1
e08bf08100d98299da7d41c536a17288d59c7d72

SHA256
25535d888b9cb49d31c28871acbdd338e372828cee62123f961f9b3ea2bccb14

SHA512
ed1ed65dbecf29c59b01d92fac2c1cf7bf3a1a103241d6daaac71a1cb08a4c5421166c1e66c59b3487102cf2d96c1e711c70029b3d9cb60a108486093141fe2b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_68D058512F3515153DEB95A1F4E72552

Filesize
406B

MD5
31b11bcbcfa0d854426043578f1e7d76

SHA1
9d0913dbcaccaed21811ca4eb38e41e7203b9d1d

SHA256
2bff8bb485adb4704e579a820aa9ff446e8be64d00addede20ef736953145997

SHA512
c68dfadbe9da69e60611309f826acf60109fbfa6f06a699a69aa0e64035f7736b69e51f93ba489eb791685495b81f491f125b9718af1e95cf376c8b2872846c9

Download Submit
memory/1032-45-0x000001A61DA80000-0x000001A61DB80000-memory.dmp

Filesize
1024KB

Download
memory/2840-16-0x000002781CF20000-0x000002781CF30000-memory.dmp

Filesize
64KB

Download
memory/2840-35-0x000002781A0F0000-0x000002781A0F2000-memory.dmp

Filesize
8KB

Download
memory/2840-0-0x000002781CE20000-0x000002781CE30000-memory.dmp

Filesize
64KB

Download
memory/3068-303-0x00000230B3960000-0x00000230B3962000-memory.dmp

Filesize
8KB

Download
memory/3068-86-0x00000230B2C50000-0x00000230B2C52000-memory.dmp

Filesize
8KB

Download
memory/3068-88-0x00000230B2C70000-0x00000230B2C72000-memory.dmp

Filesize
8KB

Download
memory/3068-90-0x00000230B2C90000-0x00000230B2C92000-memory.dmp

Filesize
8KB

Download
memory/3068-236-0x00000230B5000000-0x00000230B5100000-memory.dmp

Filesize
1024KB

Download
memory/3068-301-0x00000230B36C0000-0x00000230B36C2000-memory.dmp

Filesize
8KB

Download
memory/3068-302-0x00000230A02F0000-0x00000230A0300000-memory.dmp

Filesize
64KB

Download
memory/3068-105-0x00000230B31A0000-0x00000230B32A0000-memory.dmp

Filesize
1024KB

Download
memory/3068-129-0x00000230BD080000-0x00000230BD0A0000-memory.dmp

Filesize
128KB

Download
memory/3068-95-0x00000230B3A00000-0x00000230B3A20000-memory.dmp

Filesize
128KB

Download
memory/3068-98-0x00000230B31A0000-0x00000230B32A0000-memory.dmp

Filesize
1024KB

Download