45ca25a430084beca91207992ca058af879cd2317c80a99e26b8feb30512dd0a

max time kernel
41s
max time network
56s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
24/08/2024, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a968ae8b341fea64aeb3983d7dda9f1d_JaffaCakes118.html
Size

57KB
MD5

a968ae8b341fea64aeb3983d7dda9f1d
SHA1

4ac62bfa417f114e5c3618f843265ff18d51b239
SHA256

45ca25a430084beca91207992ca058af879cd2317c80a99e26b8feb30512dd0a
SHA512

e6023dd9748d2a1a477851c2116fb944c6b5a9478617ce12a4ca2ccbcd30f6d12ab0bd5a939f48bccb5e608bef81d5148e04d82d15d2fd6c9c184c48c2cf28aa
SSDEEP

1536:ijEQvK8OPHdsATo2vgyHJv0owbd6zKD6CDK2RVroTvwpDK2RVy:ijnOPHdsd2vgyHJutDK2RVroTvwpDK2m

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 a 000a e 000b i 000c o 000d u 000e t 000f d 0010 p 0011 b 0012 k 0013 g 0014 ch 0015 jj 0016 f 0017 s 0018 x 0019 m 001a n 001b nj 001c l 001d ll 001e r 001f rr 0020 j 0021 w 0022 th 0023"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\DOMStorage\www.dailymotion.com\ = "361"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "404"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "11.0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE/SOFTWARE\\Microsoft\\Speech_OneCore\\AudioOutput\\TokenEnums\\MMAudioOut\\"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "You have selected %1 as the default voice."	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "602"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "2766"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\tn1033.bin"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Male"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "German Phone Converter"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7f9e938144f6da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "L1033"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url6 = 0000000000000000	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d8c9a88444f6da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "16000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\DOMStorage\Total\ = "174131"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\DOMStorage\www.dailymotion.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{06405088-BC01-4E08-B392-5303E75090C8}"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Speech HW Voice Activation - English (United States)"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "122"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url6 = "https://twitter.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40A;C0A"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{6BFCACDC-A6A6-4343-9CF6-83A83727367B}"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "SR en-US Lts Lexicon"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 12 IoCs

pid	Process
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2264	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2264	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2264	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2264	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4228	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4228	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4228	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4228	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
200	MicrosoftEdge.exe
692	MicrosoftEdgeCP.exe
2264	MicrosoftEdgeCP.exe
692	MicrosoftEdgeCP.exe
2936	MicrosoftEdgeCP.exe
2936	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 4228	692	MicrosoftEdgeCP.exe	75
PID 692 wrote to memory of 4228	692	MicrosoftEdgeCP.exe	75
PID 692 wrote to memory of 4228	692	MicrosoftEdgeCP.exe	75
PID 692 wrote to memory of 4228	692	MicrosoftEdgeCP.exe	75
PID 692 wrote to memory of 4228	692	MicrosoftEdgeCP.exe	75
PID 692 wrote to memory of 4228	692	MicrosoftEdgeCP.exe	75
PID 692 wrote to memory of 4228	692	MicrosoftEdgeCP.exe	75
PID 692 wrote to memory of 4228	692	MicrosoftEdgeCP.exe	75
PID 692 wrote to memory of 4160	692	MicrosoftEdgeCP.exe	81
PID 692 wrote to memory of 4160	692	MicrosoftEdgeCP.exe	81
PID 692 wrote to memory of 4160	692	MicrosoftEdgeCP.exe	81
PID 692 wrote to memory of 1344	692	MicrosoftEdgeCP.exe	86
PID 692 wrote to memory of 1344	692	MicrosoftEdgeCP.exe	86
PID 692 wrote to memory of 1344	692	MicrosoftEdgeCP.exe	86

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\a968ae8b341fea64aeb3983d7dda9f1d_JaffaCakes118.html"
1⤵
PID:1856

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:200

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:692

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4228

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2680

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3416

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\Cache\6VSCAAV6\f[1].txt

Filesize
39KB

MD5
35e751e9ad4488fdb799ff2ee5c05093

SHA1
bb6660f96662615a468de0e613e2ce703730877e

SHA256
120541cf1ce005e98991acf361a6f8d344952c46ac18aeb2edba61f3dc3cfe74

SHA512
e1cf23aa3fa90aa6555b3176f262aa79fdd2a8b9119f579d45da012f61a9f32b5993c1fbefb715bdcbe3ec8563d93c239fd623b58a46070dc4e90937fcb31914

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\User\Default\DOMStore\V60JSGK6\www.dailymotion[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\User\Default\DOMStore\V60JSGK6\www.dailymotion[1].xml

Filesize
244B

MD5
dda8aa3d59cb7d5cf954e7ede5c14cef

SHA1
2b46a76152e1bf85e402d282cb7aa85b3239ce0f

SHA256
a8046d486ecb45898240793bba54e587333322d653cc336f5b3d523f87a8d8ab

SHA512
8270f89bbb9b0c5a1474b407e080dd8a2b87307456d158c2121515776dac6709e7faadd48552d391557ed31767beef050f8e6aafff15aee63abc69ba24b5d4b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\User\Default\DOMStore\V60JSGK6\www.dailymotion[1].xml

Filesize
228KB

MD5
e2f0c26bb17c54eccb941247dd4e51f5

SHA1
7796b65afd4328afc71cf3b228d470155075e9d2

SHA256
022fd537036b8d38cc0f4d81ae874fae8a6dd32c52128afeb2fecb9d1be92e2c

SHA512
fb429ed72a027555a779983ac1252e7e0b80a4af13d4da545ead07fd9cb2f49d9278ed890bbce53a9e1855c656c35c6b84ae3bd2fbb5b53627488418c28c0929

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GAI0CRMO\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF67CCD97E2FBA2B79.TMP

Filesize
36KB

MD5
2177a41f2f9aea85d98418f326ffdca6

SHA1
f0e773db0a06849b869230f5b77382f2fa1957cb

SHA256
3561445b714f0ee57d1141a8df6d051b8957dad86843c81fee35bd3ee70d76c1

SHA512
f6f5ed4127582efd3e04c25f09952ec93704ae30dd92f3652f2485c0275195869f84681055b846b3bb3e7a38f72f26c2187ee09dea4ac79b31c2133ac037b1aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NKF9WKUD\get-the-key-for-Hydrogen-Executor[1].webp

Filesize
30KB

MD5
e7f93fbf7f02849f47d590cf8cc834aa

SHA1
543d51ddeda8e2c4439a635ffabb8e4ccfd3af7b

SHA256
e45788adce0904b1a982c53eb739f35e15ec00d626245e36943cff8af8095053

SHA512
fc4b29a54c88a2d5675e6a821547f649a351a9907f7fb37374f41683858845ab620a8aed68907fcf2515b1189b9f99c54bd029de3ee813548f4c7aad3fcb3b4a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NKF9WKUD\header.min[1].css

Filesize
25KB

MD5
3e4abaa77d9cec962a9367cd0482d170

SHA1
b266fea6d9fb00795100233ffeb3066abd936640

SHA256
e776a7f761e5975d81c3d8a5ece5139fc9ac0dd13e3c494a941cf34c7a426ef8

SHA512
7fd47f473d8369509a7cd2dd4eb9b92d6573138c99540fea502c97e901694e4e610aabffd01fe3221d6ab1fe8894f6b8ff46e14885d70aa4c5637c475497fe23

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NKF9WKUD\manually-start-prism[1].js

Filesize
209B

MD5
274ba9a0254943f759566d26d5cf8d9b

SHA1
3a61527b69f18253c6c5c7d0c0925ec212c5c728

SHA256
bdc508e117f934b49eabaaa6ec0785da4bdac01276f084b75c0b6d93e22c25fc

SHA512
d9a8d4c245ae7a38e93c6f473b7b00960aa82e24591e656867a729f7c993d0b8434e39083a241227fb7b88cbcd05c7ea0964fdc909e509e70fb8d6c39cde1563

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NKF9WKUD\navigation.min[1].js

Filesize
17KB

MD5
950ef373ec191c5b3fb6af530efd0269

SHA1
ffadd24e68e83f5fdaa3621956a923f55e713b53

SHA256
86a58db20431c5440161f6e8b7e530af816f3d91945912a6cb262ff64942090f

SHA512
7f38aa1995de938765fd24880144a5775efd5b7878d5d922d853059ff5f1f1cc344a144787dfcd1d07e79b5f455015130e1aa689cf98f9b4b81877568186e306

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NKF9WKUD\style-blocks-column[1].css

Filesize
1KB

MD5
0ad0986a5739daf2d5abd0d66318242c

SHA1
7d4e647cdf52d61de82fdb7e661fc86228b18597

SHA256
3cbc55072e51af67ca4fe1aaaa5a157fa593381f9af338107c082d4e033da87b

SHA512
b5ed5e591f987007c22386ef2e0e55c699b3cd02ffcd62c8736276b15ec1c0a5aacc50b2a907599cd9f85221917e54464daec1a00a902aecc9644339a899aa8e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NKF9WKUD\style-blocks-image[1].css

Filesize
3KB

MD5
42e39f2a0085fa1c0b17a71232d82d07

SHA1
4acd121f66c307c50631f4b43bf3dfc6ce389806

SHA256
363536224f8ff47ecc6bf178c71fefa021e83f05894c77aadb6f7fe4f324c5df

SHA512
db2c09b9885ce17b1d771a0685b81666753af9d2c1b8941ce68733eaf5ea0696c549704162d4c8545043d45229cfee8c7a106cf6fb233676b2b6c67738d726e5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NKF9WKUD\style.min[1].css

Filesize
110KB

MD5
51a8390b47aa0582cf2d9c96c5addee2

SHA1
b16a640874025d085c38119a1a02a3460f83f2de

SHA256
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

SHA512
711162ab43e59e0ff5f050cca4278682194248a13ef2ee1f00ab276b6221e7a4dddeb9645e8798e7f67a34f0001c8f63469f2b2c3e6d4e2519ada30b6775e191

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NKF9WKUD\support-icon[1].svg

Filesize
4KB

MD5
eeb4ec2f4cd56889ce9ea714283ccdca

SHA1
a448233fcca6ff43e4b0edf55fc7ffde607f19f1

SHA256
099995c42d9274775b9ed854093ba13e516bf5317b99ff439759e7ccbeca2221

SHA512
3ecdea4b7bfbe412a8301ddc00549c8d6250438615a73fd3e26ede97fcc7eec1524a5eff655587cac2d91c1090f0a1f0bb966f3c01dad0422d02a79433e8de90

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\Hydrogen-Executor-screen[1].webp

Filesize
27KB

MD5
9615b714241e7c7cf66da02e255c3c79

SHA1
8f5f4556485d2da8f28eca9e9444d0186c92c941

SHA256
0f17642956d871ad60f3aece8184f5f77415347e82b3265f32fd058c874201bf

SHA512
f8ebef2b5b304649af42d9c7380f55394e3889e7f7c129101703290ab25236dd44c2e1d1ae7f6ba0181bcd9ca23c76537f15b7128b69eab9316c89134347ddbe

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\content.min[1].css

Filesize
33KB

MD5
eddd02ee63cf6e466f415f39746b67de

SHA1
f2856518b711aff3c61eb74b7af7601efc6d1342

SHA256
7c26d2d132f4ee399d5656681da0fb4960a0fd7cbfc6a5a5de43757971718735

SHA512
5df9159130f8958a112e87777b74e24c693894a772afc3985b5b5733dbc1a021874e56f20012f4d6aebc1ffbb82f9398f2cf6319e7a85fe58a2ad2a858e5338b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\footer.min[1].css

Filesize
19KB

MD5
1a577cf8e4f855f5f02812a1e86f3ab7

SHA1
1849350a33f4566195d7b32cf1e93c765f11d410

SHA256
43c239f270b71525869b3a8fcfbaa2bef403b6a7e8656b471b2f5a685e3431b2

SHA512
819de1a40c40b221330854b1d405411b4aa736b5897ce5f6cb49b0b01a8c14026e25a8dbbf7fdbebcd43c28e717d3fb9559beb156451da8ba4227ccb70598b7f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\global.min[1].css

Filesize
23KB

MD5
c7f0af01418295cbba2255e97e00be31

SHA1
b3d710094193855c8319e715bfe1ef3ebf70ae5e

SHA256
52477a8b539ec56f02c48de794616784bf3155d75f2cc0a65a0fc1fe249b515b

SHA512
11f8361cdc880ef3ddc6ec5d1de176a683aaf8f94cc34aee6d8b3f690f4ff42b960cafe9a535fbb04d021ba83abced274b489af330e96d894fb5b807a307bc32

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\jquery.min[1].js

Filesize
85KB

MD5
826eb77e86b02ab7724fe3d0141ff87c

SHA1
79cd3587d565afe290076a8d36c31c305a573d18

SHA256
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

SHA512
fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\main.min[1].css

Filesize
10KB

MD5
0899e2d3903d7c72d3ea5b25106c02f3

SHA1
4ec0230b97b4d81b8e969ff5779b71dc2acfa61f

SHA256
6dc038e2fc9dd8b994415d2b1eada4137b78dfe6f77aae1f9b4971738e619c5c

SHA512
f947be41efc392e143d474f24471f7617daf3b745a4c81725f8e1965b6ce63ad8c51bc471fe3bf08d8e2fb5e3b5cf8dd9c0bad7847020678843032b930ba6755

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\process-icon[1].svg

Filesize
2KB

MD5
be0f0d16f2135fb8bc290defde6b996a

SHA1
582cf7b440930f22c5c4244fe6af10733fa95f92

SHA256
d93444463f06dbf06fa4df26ca1496593c4bfb5b13b98a61e0c582efc27fd9ad

SHA512
393ea3e5530160548714071a7d727cb2c70fcf284a4d0a252921152a181ef6db571cb44abb12acbf27352a095b2597126abe730aeb850edd2f217ae200b566ff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O2LCV9L9\screen-slider[1].css

Filesize
2KB

MD5
ef6fc906ece98360fe1da5fa5e6425bf

SHA1
50d8022e87557a81947d81bddd990fdbb9166660

SHA256
f412e3cb9078e3fddb010f9366e4b9a3e91ebf859c1be665a0db989062dc95d9

SHA512
e1b5e8e4a646a45139711e896ad66476dc6157f3fb3c59a3d1aff54ffe8f04859245e50062bd77a1ba5bb5ba0b7d390b0021cd6492bc1bb51d2061fbf721edeb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\Hydrogen-Executor-Logo-img[1].webp

Filesize
23KB

MD5
0919d600ac52c7c88c3b0476b54858cd

SHA1
d95417731b5b9d222072b34914142d7a549db188

SHA256
df4f64cdce32729aa06d90c83bebbbb9d077ccd7e8c1cddc05fcca1fbe8f50c2

SHA512
c70aa5d3249471b3b6e7fb9a69232c15ad9f4e1b267d5e431a7f7c21449a5483cd674cec8677c6a2e65e64988e2b3409d2e559e1f63255b671dffbe035bedc85

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\collection-icon[1].svg

Filesize
8KB

MD5
a55f41d536318a58ada1c730c6891ec5

SHA1
effd0e1f3dead2b69b9f19e802560ed898e3ac3d

SHA256
1f0c677cfdc68c9ccc87ed470f13722c44ba1e604bd04591f0bf47033ee00a6d

SHA512
b30d9eb33084f1d8d3555d383c7c96cc2416043eb1ee573031fc6f4d4f208ce03b53e5a9f9cb3195fa3ec00f3b460810b5284838121733301a2ac62ba6b0cb8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\interface-icon[1].svg

Filesize
21KB

MD5
aafcfb03d7e260ee9da3b4756c7ff1ec

SHA1
39069c3918d215b3dd5fd1e5f0783bcff9542377

SHA256
879d73f2369502fc44affff1c7eae76aa82a11313c60e1c50363fb982377342c

SHA512
9a347c32e055f7eb56fd52b52318d74b4718f246f56d887455d6327bd2d8a370673192c6b4c7e5f8293532d0fa4368fe3e49e5ed94100c3391ce2fdf3740c360

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\prism[1].js

Filesize
44KB

MD5
be858d0bdd3d7670b366529c8638262b

SHA1
9560baf73f95616f5de72d260119599a6ae701c6

SHA256
db2290c0e7c3b8ca61564dffb881c0ce12807e7e071ebfb400c55762e849aba5

SHA512
418831859dfa1711f63cf5d0ec14bc428dc0aa12b6f41444101b02c082a3b2571e844d6e80abf617cdb4f896de6171624dcde84118a6bd9ece3319260dd9cd1d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\style-blocks-advancedbtn[1].css

Filesize
2KB

MD5
34b93c4ef3bf37c37e30a5eb3fc9d067

SHA1
b579204b13a910f4d84f8d67e0a38120914e0b7f

SHA256
68c51ed2a5e298858764628af875aff8ec886a16c3e69ac4921b8513e6bfd7e1

SHA512
98313ce75ec593b0eeb53998de6c765a88bfbd7f19658c751040b37d51ef7f47dee85447c0157e5a0cef2f9a2f0682559975c1de361fe10148cad27441a51c4a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\style-blocks-rowlayout[1].css

Filesize
7KB

MD5
b48c7c7066a31a3836aaba5dd06e8809

SHA1
9fe036fb0dea95fe729a22baf558e2fd67bb3eab

SHA256
c4e16e528dc7b514ba3d5224ffb82aefc754c3752f6cc004ad141162edc24f57

SHA512
f19efe7f219bf108fdd7f5ed8769f040beb88b1bcd3b9ed7e806d651ea36d429aaeb53558e7796b7f107e3a5d1e4cf932e1fc549a3fcaa38c14bed6cd14325eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TG66RUH8\update-icon[1].svg

Filesize
21KB

MD5
6f5decb4bde70484e5a2b78032846975

SHA1
f7a13b271cc27e9871825b193ac89369428ec7b8

SHA256
41c7f94477d116433542490833eced6d3e04b9b19015e1250a572fd228840497

SHA512
bcd6c076a148d4c1ac6fe37f213374ac08431c3aca91f2aed8539965bd6a65f70995caebe5db10c01e8f29e52bab94018ca4872ac24db6c024294fbd9f22a244

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\09EBLHIF.htm

Filesize
120KB

MD5
bbea0350553d392dc0031c7530342ba1

SHA1
fe92137355b789bc3f477b1dcf02394e9be9e13f

SHA256
1ae2642691a13d03148b6ce4b174de809f63ff2c611fa65bcccd8168d59ea1a2

SHA512
b4c0bf9628efc825d8c1e4637ec99af36b23331ce188f351d63ae70f090b4a16c2ea85085a46beb3e9ed48512adc1fbefa88a4dde2fb982c34430453b856da47

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\Android-icon[1].svg

Filesize
51KB

MD5
160e127b68bf0bf0b64f13f4f7c34be1

SHA1
ecb47ff5e43998d8109dd0005c46e65837ba9aad

SHA256
87f9655f34354c0ea8cf9b451c8ed9abfe7fc3aa014e4391df6822555223c2d1

SHA512
54d4a7c846e9adcf29acd830317ad5fb4fab94aadf01adcb12438fa9bdc6a30406424106b44a3eaaf71a56ec179cce5d3f1fd07d186ece709a71806d43a726ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\Hydrogen-Executor-Logo[1].webp

Filesize
2KB

MD5
62edadda745ff3b5ef2b47313446332f

SHA1
ce64d5add048235fed3218295424b6a7bed03c1a

SHA256
2930bfe35aa71915e015ac7799a220279e43d29c20f90dd743e89e249cfee06e

SHA512
fff123ad6ea03aa459bfee038f88de2eb8154a17b523e6607eeb422d7dffe1e397cd43a2c064dc3070002080c47921c54cecc62641a9046faa20f8833139851f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\Open-Blox-fruit-inside-the-Hydrogen-Executor[1].webp

Filesize
15KB

MD5
a75776e1b7fa1d10f9bae7aba2cb2e55

SHA1
62c159aa3be9085b00722e3f9ed763c6dc4ce715

SHA256
4877687e32c2bc75bf71de8d602020d4743a920964dd5b5524c6b9161de5b035

SHA512
1cd9600301746cc81dc0bd057e0c9633f10070889779e5e7fd21803cffee866b3bd3c6d71ac1e3493f7a330670aee9f4c4d1b64504c7d576efd34cbe970c91d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\clipboardv201.min[1].js

Filesize
8KB

MD5
776662dc1ffe9e448e749a7a5863bdca

SHA1
324645cc99411a4a150894ffab45a6ba26685824

SHA256
1757235e02a869302c404e4fc1257c96ed8abf468d9635ffb2e17d053d72424a

SHA512
70028734d41df6c89790736894f9d77ca3d6c5994e9cb47a4c3440b4c10f9b74bd8df81ca24a772b29b51a7bdf453f1b81437c049b420e3cde418d39cdb3dcc5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\code-snippet-dm-public[1].js

Filesize
1KB

MD5
aa33a9dc3c200b098609e3b254e00657

SHA1
3ef0b48baf825fd5130161abaf024d976de37a74

SHA256
1902de36b8d5c4c6818fc3cdbfe56c6401f5368b6db93f7c38e074486b2fe8a2

SHA512
cb2bd33ec32a68ac2b826265fcd18cdeea8a940b0081b3d28b107c3856a9610204e50820279f020cf6f7b2598318650b44e85baa14540e8923294172485dbfa1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\kt-accordion.min[1].js

Filesize
12KB

MD5
c2096212db93ab5f2783ea0567fbb2de

SHA1
8b5df323989c6e697b9a42aafcc74f9acf7047cf

SHA256
a0cdbd267f2c9ce31b16ae0b83799a7b89b839c673ee0980c587812838956ef6

SHA512
cfd639dbcf34f3ec6921822d3597ad590f2fabcd9943fc7c3acf188b231736b86f1bfa5bb0a47aa771972f712f6dedd995d9ac2f49174aaacedc6024059708b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\style-blocks-accordion[1].css

Filesize
10KB

MD5
148211d407ac31c639dbab5812723f2a

SHA1
c13d2610cbfb72c3d353d60e0d09f6df21ee048b

SHA256
82c765c11d4e4374f98355c0c3efafc7a92bcd63e2b0ab5a6652f28943675cb8

SHA512
eef3dbd61ab682c343b138d75c331267a4cc9fd781f2c2e89a07af3870604fe64d59f35abe0bb624b3aab02d7af25ce4e15fc8f9bb1718edbc6687a5b1327c7b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WX246DET\style-blocks-icon[1].css

Filesize
1KB

MD5
bb540675dacbcd752c02009d3cdd0d45

SHA1
0593d8b80129a001730610e903f2aabb359ad556

SHA256
463a3daafdd234cb04762f774cc4ff01c7b52b60784640f6a2565b008349475f

SHA512
f4a6f364db2fc58272a56556e52381f46383e99dfba755c17761cd8f34a0b5a56f4ff7fd77abdf8b2ef950f53a1c9ecb69cf0406593526204649428b2601fa77

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
4641ff3a04b4955447d2f2a3398f9c22

SHA1
c0a5c5aaf717c7b458f1bb1efa48bd5c8ee57212

SHA256
fb3e73229522e2e91b6db5937909174de623a87982935201f706147b51a13bec

SHA512
93e58351535c272df6d2b5150f37cfcd77be8546fedf59218b87298935eac7a8cd06634b71df1adcd2efe11f530c396a7a277490fbf551f1a880acbd323beda3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
a5d271f148fc9bd27577e9ad47e40d5f

SHA1
f1f58220c4b7ddc17a618e9304116d7d772842a3

SHA256
3f6c25910254ef3708504be6ffa8cd18b915cb27a2dde4ee46110ece577bbb69

SHA512
aa2af48b41ad31a7f9ad299586190321ee3cb5ba87263c2f61f56a3bd499f5a9d7a4f4cd2b3b9d8d312e21d38177d69116d55956f72aeaee6778970e8b5b584b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
0fffdf2e8d76e9762f7db71b0a8646c2

SHA1
2bddaadd6d88aff6448077802cc5b8e8abd160c4

SHA256
3dce9fe064efe16bd7b992bbccbbf35b4822d14a9cba031813eaed1b5776aa8a

SHA512
4655f991870e5c8b25af22654979064d80e7c0f0d4702b85bfebb118122712fd327766baad35d81c15dc8db92b7ee53fa02914c9b407fec4e310a36a8db03ad6

Download Submit
memory/200-16-0x0000020366920000-0x0000020366930000-memory.dmp

Filesize
64KB

Download
memory/200-0-0x0000020366820000-0x0000020366830000-memory.dmp

Filesize
64KB

Download
memory/200-35-0x0000020363DC0000-0x0000020363DC2000-memory.dmp

Filesize
8KB

Download
memory/4228-377-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-383-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-180-0x0000026B73C40000-0x0000026B73D40000-memory.dmp

Filesize
1024KB

Download
memory/4228-80-0x0000026B726B0000-0x0000026B726B2000-memory.dmp

Filesize
8KB

Download
memory/4228-78-0x0000026B72410000-0x0000026B72430000-memory.dmp

Filesize
128KB

Download
memory/4228-359-0x0000026B730C0000-0x0000026B730E0000-memory.dmp

Filesize
128KB

Download
memory/4228-378-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-390-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-198-0x0000026B73C40000-0x0000026B73D40000-memory.dmp

Filesize
1024KB

Download
memory/4228-74-0x0000026B723F0000-0x0000026B72410000-memory.dmp

Filesize
128KB

Download
memory/4228-70-0x0000026B72340000-0x0000026B72342000-memory.dmp

Filesize
8KB

Download
memory/4228-325-0x0000026B75180000-0x0000026B75280000-memory.dmp

Filesize
1024KB

Download
memory/4228-64-0x0000026B721F0000-0x0000026B721F2000-memory.dmp

Filesize
8KB

Download
memory/4228-181-0x0000026B74200000-0x0000026B74300000-memory.dmp

Filesize
1024KB

Download
memory/4228-384-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-66-0x0000026B72310000-0x0000026B72312000-memory.dmp

Filesize
8KB

Download
memory/4228-68-0x0000026B72320000-0x0000026B72322000-memory.dmp

Filesize
8KB

Download
memory/4228-389-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-380-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-59-0x0000026B71710000-0x0000026B71712000-memory.dmp

Filesize
8KB

Download
memory/4228-381-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-387-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-61-0x0000026B717D0000-0x0000026B717D2000-memory.dmp

Filesize
8KB

Download
memory/4228-57-0x0000026B715F0000-0x0000026B715F2000-memory.dmp

Filesize
8KB

Download
memory/4228-388-0x0000026B71490000-0x0000026B714A0000-memory.dmp

Filesize
64KB

Download
memory/4228-216-0x0000026B72900000-0x0000026B72A00000-memory.dmp

Filesize
1024KB

Download
memory/4228-247-0x0000026B74800000-0x0000026B74900000-memory.dmp

Filesize
1024KB

Download

Resubmissions

Analysis