hxxps://steamcommunity[.]com/profiles/76561199724331900

Analysis

max time kernel
25s
max time network
25s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
12/09/2024, 23:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity.com/profiles/76561199724331900

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 20f113096c05db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{DD347A18-FF49-41B0-853E-D73D8756F64A} = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 452ef0086c05db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8e08ca086c05db01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
3972	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4176	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3220	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3220	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3540	MicrosoftEdge.exe
3972	MicrosoftEdgeCP.exe
4176	MicrosoftEdgeCP.exe
3972	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 4224	3972	MicrosoftEdgeCP.exe	78
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81
PID 3972 wrote to memory of 3356	3972	MicrosoftEdgeCP.exe	81

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://steamcommunity.com/profiles/76561199724331900"
1⤵
PID:4616

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3540

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2944

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3972

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4176

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4224

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\MotivaSans-Light[1].ttf

Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\MotivaSans-Medium[1].ttf

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\MotivaSans-RegularItalic[1].ttf

Filesize
132KB

MD5
7bc1837717cdc49c511ebdd0e75122a2

SHA1
d31e0df252328b946984c6bde94f7b2f7c72d964

SHA256
97c39175b9c8c46a5f2be987c00be2ef556421fcdada1ed3b327c50cc36cc78b

SHA512
53b31bdecde75e8f50f82db69728f6f831d6a3452062ac6e419f9369ffe88f0ea6ace3a501d89501ff86fe47e05900ed5b482221d215898e28a0a4bb1f1b6a85

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JIWC3VA1\favicon[1].ico

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DY5YD6P\arrowDn9x5[1].gif

Filesize
1KB

MD5
ef8ee66b9461c0317eaab1827eac53bc

SHA1
24cf37bea83d4357c8481218f4c2c2acd74bc73c

SHA256
f2cc9ee07ca40866b840f1a4d780c4ab75d91bfdbe215c0f7251c0d76cfbad7c

SHA512
6386f06d466b9722ac3ba0e5224225032682c43de7d6fb096630d6ba54adba8fe7450d236ffd14b4fa2b481481ea98623c919b49e507c22912877e9476bfcded

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DY5YD6P\buttons[1].css

Filesize
32KB

MD5
3d42487e1b5c427ed66f2be54948561b

SHA1
450b970e36aeb1375844c48a412be7caf5d5c447

SHA256
60a5b96dd853a80363de37ae72b72ceada056cf781cd9dd2ac74869030d6f76d

SHA512
ccfa196d70dff10e488ac4d0817836e54ea573ef6c59cc76a57e47988668c38ef43e1012c71a975d234d678d6ef667e895936e45abda8a74d0ebe45fda8ac101

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DY5YD6P\clientcom[1].js

Filesize
7KB

MD5
476176b0d1a2a40f9b2328813757e06f

SHA1
e6b63568d2a186ae12f676757fd9bf667cbe9c18

SHA256
2da1f0641459324baf55ebd3a85bb6ccdd16596003a88d8a1092c340db26ac66

SHA512
3fc60f46b5af5a9c51b94eeb548fc97ec8ace82ebb3a937c8dc558a26ff99d2af557e80717a90242c290745b22af2244a39f08256bffa2edf1e5d5f1cb7186e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DY5YD6P\jquery-1.11.1.min[1].js

Filesize
93KB

MD5
4dc834d16a0d219d5c2b8a5b814569e4

SHA1
4fbe0563917d6f6289e4e1b4a0a8758e4e43bda9

SHA256
91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef

SHA512
6fbec4785a21520fa623d1a151c6c8b64baa1321ac6918a127bcfc22e49ec2e3bcd161af9c237bd5c70bc4046eb12cf434563f86cbdc9876eb67fb2dea87034b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DY5YD6P\modalContent[1].css

Filesize
2KB

MD5
8db2ffc24354dbc4b5a7bebbc2b3cdaf

SHA1
311653110625167fdb4ce22e8f147b717bce6649

SHA256
e888e754e20a1b354bb45b59a05d7b281fee588a445854116b2bc84620fbf7f0

SHA512
d8f68a847897a012e2658e851012d1e01f97bff7e0647c26d890367cc065709d50bb872e8050b3b1d185cb5aada7d589b625cfb2e78b6365510eabb580dee998

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DY5YD6P\modalContent[1].js

Filesize
13KB

MD5
7f684c035bfd66473ce2799ecbcbbb3b

SHA1
4384b30942d9eaef2e958348561920a3df37d853

SHA256
27f00c31e64c0cca2b105376922042bf25ca35854db1b87316d6877774a50300

SHA512
0844d722442ff17a8f45dd6068a370c116ba3f6a242f1c1300f91abc6ae281753e44ecb9b437e7f793e38b0f56b4ed97586cc273a3d5f3e903e7d73904f24e32

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DY5YD6P\motiva_sans[1].css

Filesize
2KB

MD5
f831f4c536299d57b63c0d0ead9c09f0

SHA1
43f71d89a47bdd1869ff4d411f04357926d21be8

SHA256
e2c41580fda72865b4c75053f974ee6c0f4ff7034f1c97fbd6d55a88e7fc55fe

SHA512
74d94cd14047d57063827036bb13e14310ca86278df5052fbe67b07217cc6490b3563727d686b4add2cea46d6bc0d57d745d81ba1030d68269141fa02c6f2e3d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DY5YD6P\stickers[1].js

Filesize
30KB

MD5
ba997d349e43db190ffbf70de84bcc0f

SHA1
baea446eda64eede80920565aa22dac6dac99df4

SHA256
250c897de5cd0b85c6e3942e3d77c03121982d1fefc25917b052f28c6ba4fe78

SHA512
4561701a117531614934ea4b2b24b79cbcec88f1d81688f6adc070bfacc4b297999a2bc3ee8eea372c785edb95b7162f474e6a188e38c4a9e73738c716329472

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\MotivaSans-Bold[1].ttf

Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\MotivaSans-Regular[1].ttf

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full[1].jpg

Filesize
3KB

MD5
fafa340202b7f16015984c90062f7b2a

SHA1
1408fed0c29ecac789028f2e12ca81d15a4bfe92

SHA256
58f08592a940bcd85a9620b52c262b6ce1cd7a4b6cb6a3b6494028614794d2b2

SHA512
e1fdde11fa7f03690655acde81d9d621e1ee3e08c4af7527057caef04b38dbcc60f9acec47161d6c6127faceca49b59bb9bd51fb3801a1545c80de59e318df53

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\global[1].js

Filesize
101KB

MD5
f4ecdcc4c5db695f38d00c075d61a981

SHA1
30203511c3a977d5288a337dc24c4914f1f590fa

SHA256
3d505eb1829e36d0ab6cfb878c9595074388eaf6d5d0bbc3fe446c8a2e54b118

SHA512
6fe5a16b6f3a8d8a2c25444ecde1f72c0a98f3bce9516b81c18c11b26c315718fc0c86a73937bccbf47945ca59345c05a0400100d8bb82e991eea6062501756d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\header_logo[1].png

Filesize
10KB

MD5
a4e79c73ee13cb25b60fc4b0ba1f690c

SHA1
b690c31b2eb1b0eb085e91aaae7e79f03debe7c1

SHA256
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8

SHA512
aad423119f410a655f0aa475d2fe692087d7262c3986ce71347981c5b60f6a10031d7050bf9b9aee4e7d84d814f0b8883c964028fcbe14ed3464602f3ba6cec3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\logo_steam[1].svg

Filesize
3KB

MD5
b7a7e43284e2ffe806ac1bc27c1f6a87

SHA1
e8196489e2ae99ec6eb33995b5a3e108d6e44de0

SHA256
c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb

SHA512
757e4f382a864cac9f975220c28586f5ea415b2e2215375c1a47e011a9190fcd15313d399007539f150a6df0378b8f2022ac88e995693ab03a9f5656bfe40832

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\prototype-1.7[1].js

Filesize
165KB

MD5
6a39e0b509fecb928d47b8a2643fed2a

SHA1
f67fa6cb1d09963d10ba117d6553c8e7d5bc7863

SHA256
d8bdea7fff893dbdbeaf6c2affec091a77483b9ec10e7958486bc3b6cc170c96

SHA512
b9b8c6d9ac4928686c5ea254ac8f765c4f3690f79e5b1ccaaffc48d4bd47872b9cc5475c038f70d804740c81915fdfce315ebe553b628d12f7ca1cc4467075d0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\shared_global[1].js

Filesize
150KB

MD5
444106254d61c24625741613608f5da0

SHA1
2d5b79109ab130c586f006eff9b3132030e8ea83

SHA256
34e7c6c8a8962b8921e20c19bc00a204cacc2bc248d4a0663880ea7ffd03fd67

SHA512
96a6a6c6948de8c819b552fcfa06f9ba13d8102c219e6e4c93d5913b6910ac13c78b1e3641a280377b7915a9bef9a120c3efe7b527885adff24bffcfb0272cf7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\shared_responsive[1].css

Filesize
18KB

MD5
b0720870ccc27df5fa6d1669cc098251

SHA1
8800fa19f2eca67bbdd0cde15ac5e300f0240382

SHA256
ed913aa6f584d262be7eae0f789e88bcfd93bbaddd59a37a3fe39d6ee96880d5

SHA512
3fd6faa7ac0206821bdd7a9b0171fab593b16442cc8cb660e4cb3731acf1547462d9213fdb40144676a33424aa4f2fa71563b66f6b66b9f985b176af379f4dd9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4X3CSR2S\tooltip[1].js

Filesize
15KB

MD5
72938851e7c2ef7b63299eba0c6752cb

SHA1
b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e

SHA256
e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661

SHA512
2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\76561199724331900[1].htm

Filesize
33KB

MD5
f86b7704daed71c71c0d2d9e944b2a9e

SHA1
0da41513d46d5868c798c0de0b46bd07822497c6

SHA256
925232e7930d9190f91be1a0525c92c3fd55a3600ca3297a04d2f8e9b1a8b656

SHA512
fe951e9b4467894d8051f14d3167f2dcc4685f50f3656cfe4ee90732b400a4e4671fff58ebf0d435c56c2f0c07a83bbf524a0b64d5cc23820d8310debb541f60

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\_combined[1].js

Filesize
119KB

MD5
39e34882ba4417cb4b1b84916dabb770

SHA1
0d0ca081fb60c8aad337091bafcbe84f966c38b0

SHA256
da708635da162ea493874627775c3520a42145b79c73bf787b5113bf87c0b27c

SHA512
50bb7803dbafef5f571b9b36a975b43c26e233da165c3d9e37856421fd93915b26acde47c5948e8e91d19975d8dd0e1f064999288b50297e3fa28824b88f3405

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\header[1].css

Filesize
12KB

MD5
345a026b83a403145ba4bc5e12256354

SHA1
cd76023c54c8e6dec853441088c388ca6a0bdecd

SHA256
7585f3131ab2ebf7fd36a5a239f4b1089f9a70869099cb0f073c605941ace3fc

SHA512
8ff5b82f6c3465dc4a311edec535e3f4d384cd65bebbd70e72ccdbd6632d3121386b25a2411fa6ad5e496ab2ded5a18155108e46532169e6face4f70be829d51

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\header_menu_hamburger[1].png

Filesize
3KB

MD5
eabc76eb57feae44add7faead028521e

SHA1
4e3e53938fad15661d2d046a868338841a95db19

SHA256
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

SHA512
5c6da6eeefddf321c2bc7e39a134e0a3140a9f93ad1560b2e102ef60ec218c29aae14ed344c79e25cc5493cd15551040d8c909de28dcab02034d787563104e07

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\libraries~b28b7af69[1].js

Filesize
588KB

MD5
2ef11cc65d847d669717754ef8541004

SHA1
f8a1770ae061505df0a7008e901c9f2b6339d9a5

SHA256
8a678ef848b858a17a06af04188b6623299223c8d6dc79d0b7bbf823eb87964c

SHA512
1c1844d7734b180c0b205fc74da10028c07c46f2b52cba06de92b136f9a247f7e4140cd7c30cab635eb718f9addef2315debbb166e049fdd0520695459fe99a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\logo_valve_footer[1].png

Filesize
1KB

MD5
574c350c7b23ae794d5276f8580e0838

SHA1
235c7b35c3468f8915eca01f7abdb43d34079609

SHA256
8b97ba0dac22fe6704c1f6d95fe79613f33017804f256abb9006df0442491787

SHA512
f1f2d7b6fa49e9241f2b88560127eb2871f66123c2f9de45b257750cf13e6ebb32a9d85d87aada6a99838a2f3c5412540065cbab398760a50f15aae3a759f9f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\main[1].css

Filesize
136KB

MD5
e624cc5b55771e6551d41b6ef5de5fab

SHA1
a55e45bca69626f010a4a22bb173a5b747ca922f

SHA256
29e1ce96efa2d50649db4757c1ed84a939a5a02e4e80ab1b5f294db1eecec415

SHA512
1e905934292092b296c7c45c5ba6613f89553c001930d251dfa83efccd3f3b62ac0b96f24adbcfb049cd43bffe5e631c8c4b0477608a9155280782e7c9735391

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\main[1].js

Filesize
903KB

MD5
f20963b0153e113737359aa46c201bd2

SHA1
5b04ccfcfea20ef2aa71a78df1a108a15590f2fb

SHA256
447e926c7d7c2bdef5f875203a5c7e127f4c1adeff671b34a7d49897aac2e723

SHA512
2019cb5622e377c9681509a3aba6ab17ef638b9c3ee1e876166c347251615089bc8596e0e1e44a1f7521799e387ea598e6a00406e63417e349e5f27858e0116c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\reportedcontent[1].js

Filesize
13KB

MD5
740b636dc64c5a149e12e2b8b8f024bb

SHA1
9499077af557d52f496fc55dbfb1ded83e6f4d40

SHA256
5ee419254f85490bae33801a3c3f55307e4173228d3047bf7b414327337343b0

SHA512
b10f08ca7684fe3f43482311e90dfe4c83984f5abd7109d4521429da80ccee3e5f6aa8e0b7338da7dde1a9a21a1d9597f789cad7f77348dd4ecfd88cb8d1698c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CAP43NLL\stickers[1].css

Filesize
8KB

MD5
1c0d98af9a32dc514608004be59af149

SHA1
f9ba8151acb2b6ab0acd84d16324319b0f12020d

SHA256
9fa0dd98c8ef3e987175299f72e4f79a831826b7d0fcf351e0a491de6fd06088

SHA512
783742007ed5b92dbb1c5928b0ac8ee3b53e62de616ee5378156fc7f02360cc4278bcf555a13f44af6c96bcc4d374e3e4776759d46c811ee3220983cbbd89e21

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\MotivaSans-Black[1].ttf

Filesize
117KB

MD5
4f7c668ae0988bf759b831769bfd0335

SHA1
280a11e29d10bb78d6a5b4a1f512bf3c05836e34

SHA256
32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1

SHA512
af959fe2a7d5f186bd79a6b1d02c69f058ecd52e60ebd0effa7f23b665a41500732ffa50a6e468a5253bb58644251586ae38ec53e21eab9140f1cf5fd291f6a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\MotivaSans-BoldItalic[1].ttf

Filesize
131KB

MD5
e77ef961fe37dd8e6de30d4f7fa9a4de

SHA1
567327935ae2bb3de45e7f612f2d05273a999584

SHA256
6f93f21bc1ecc2d1c24fa2268aafad7f9e76836bb95aa76adda9307caad51c64

SHA512
2b432cf2d448026ff12634d605d9eb52ab6d285ea3cb437031b0427bb933b0aba40c416c0f102a39ec4a267ae2396b4da414048adc360780508281fc454462de

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\MotivaSans-LightItalic[1].ttf

Filesize
130KB

MD5
07247cbd12d4e4160efd413823d0def8

SHA1
517a80968aa295d0a700a338c22ba41e3a8b78a7

SHA256
41464efd9a32a5967b30addc21fe16cd0a35870fda56658b531a9a2434b4d829

SHA512
27e0e7505d41891e70bd06733f96e82e45061d621a1d20bbc524fc89c5406a799cf53d98c0fa256cb4ebfc19750c9a05531a8d273cebc260d48948edffdf6244

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\MotivaSans-Thin[1].ttf

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\bg_dots[1].png

Filesize
1.1MB

MD5
131d06731c3d240f5985b12e67d6f374

SHA1
297eedc5a98687ac1413c397a68ef2acb80d1137

SHA256
7ee0714a0ffa443dfaf8a6f680d8218d02d89a5855f90b04ae20647387810319

SHA512
df9968395e43d1a632ad91ce2ab7299fc35ae84e15e7fc44d38b3fbcefdae910e89a26a67289459430bab9b6d2aa32e03edc599c6bce7a71899cd8907bc5e9eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\footerLogo_valve[1].png

Filesize
3KB

MD5
1626f52addb7c56fe3679d82108c62e9

SHA1
2b414092d66ecff528950093a655f755c3c7f3b5

SHA256
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1

SHA512
05548831477cc421556c404f3411f581e98a84ff2e699882cb4f5dca17d1c5f77b55ed2b8211eec32d0a4317be1c4ebc636277f840262491b753415f6f198276

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\globalv2[1].css

Filesize
38KB

MD5
3c0715db3301cf349532fa80d8e7b2cc

SHA1
972aa75768e81dfd5d52c0c5de148e2163dd4c3d

SHA256
ceeb54d7faf219eaddfc96a4f88e85e8905b216f84419645312b45128d3c1792

SHA512
e34040bb3746f0af1c7125abb21c50e633a25ec6a53f7596cc55af9524acca8ab7bbee78988a6d336b246d08ec2917927a9673a11af79da669c55854e86a14eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\manifest[1].js

Filesize
14KB

MD5
85d91980f2b5c56664ea242396205a4f

SHA1
e1457b17e1c0979fdf3e55cf1e9edf399cf5934d

SHA256
257fc23594e64a740070a65421f2a2832dbd48a9f7a36e32f2a6ff72e6185883

SHA512
8476a8c723678df2b291c6e0b69960c6c75b4eaf25ac70193203de33203fb9876baf2500138516235c7d6fa3664c297aeb6f86a2db61ae548664124bd7ecb5dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\modalv2[1].js

Filesize
3KB

MD5
75f321bb2f8bae9ca8e5c4c6d72521bd

SHA1
8ed540dc9da8c5d7c2bbe390fc663e6de0b1ef0c

SHA256
92a217685eda5e8319d193142aeadf80ae7a9c9e04a9a365d9cf01078d459985

SHA512
dd411a60fa6bfcfc2cffacec1f0fcfa6665710d744d64077c992dfb3d21e8071155ee59b3c5fc1de67440f701d480fc2b28d99a7eeb79c456f6ffe17bf77a7cd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\profile[1].js

Filesize
26KB

MD5
7f7bd63bbb30743aa91267afecc4f792

SHA1
36403d6ac25e2986f263ae869b13829dc3ff0008

SHA256
7d73e1fe0b0408a6316796c329c7454eb64a787e6a65ddf1c54f9b98b3da182b

SHA512
e0f4bddd5435cf74a49e7a5ac6af1348bcbcc11d8b0a1d1a9afc0a0cc838b140a7d2a585a843c8c7cdfeeee76fc10920d25e80c9c3ef47079e9fd9cd4398c5d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\profilev2[1].css

Filesize
86KB

MD5
33fa8be203b6b0a208b41473886cf984

SHA1
530bf83f1634f9601d9488222ddfed670efa4349

SHA256
5fee6ae1c3520cb28bf57b4b285f48c0819df5162bb6ccd2b8651e479db10af9

SHA512
c3e85f898f5a5cecf5caec37a219a63bb0bb08129e95c4d9f67f3bc89c3f628b0e5d31571e92373abd9fe7172de640bebd808db2490e740931e65b64fee1982e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\shared_global[1].css

Filesize
87KB

MD5
408fbd60b73f99db643a316d8941082a

SHA1
3029a6175c80fbfec2590f8b97ea77bc53b6fdb8

SHA256
8450d3a04104894b16ead3392967cfd10049016719bf8cde63de5ba0f963aaf0

SHA512
6730b2c8bf2eba2f79c66773141fb355bf4298cb4d2f465978194e7d1899497428e5d287c4e58e5479d89f872e68f56ecb33edb50f43cde62134523a36ef72d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y610EDPN\shared_responsive_adapter[1].js

Filesize
24KB

MD5
a52bc800ab6e9df5a05a5153eea29ffb

SHA1
8661643fcbc7498dd7317d100ec62d1c1c6886ff

SHA256
57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e

SHA512
1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
471B

MD5
46e8d1acbc63de599e6bcee30ce42e61

SHA1
8127b579084e8e19bc16e5e3244eccc3db2ddbc2

SHA256
4a185287d39b3ef6ab927e0a3c557458f9ed03e167d84767dbec63fedf588f2b

SHA512
fad93bf1dfc945319e2b5b14ead60c44e92dd25c3070a82e0bbd0c66e3b9426f85b92b6c07a11669d89e2548e030361c7fceed98184fcf39834b5624b8e2b9a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
c731c6e1ab042937dee1d55dbb5715df

SHA1
1785bb4f43d260f980dcb050dff8940f545c6af5

SHA256
0f6fbdada3ba182788cc54690266bbc2ce6915afa220dba607ace443926f919c

SHA512
3e73596d7590d1c490a7544994d960108e6b0b681af82995463f8f5aa2918b2ade3f7c3fce5d06d104a5043917c031c54cf490688ddee30acecb9122a18a808c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
400B

MD5
3f27a83ddda872e5946c3e3988f7fc37

SHA1
9187e610cd0e7637c6778fe5387ead912fe9b957

SHA256
48345a67a28d0abf2082d9f204ab2944465d2839cc968e6f9cb6de5b18667dc8

SHA512
6014a1493b9c7c6417be8fa65a7e3229f9c0746de5117a39f6fd88bf526afb762206b2c00ef2fa8c0466754214c570724362c970b2228d01a096bf3c07d02753

Download Submit
memory/3540-0-0x000002EB70220000-0x000002EB70230000-memory.dmp

Filesize
64KB

Download
memory/3540-246-0x000002EB76980000-0x000002EB76981000-memory.dmp

Filesize
4KB

Download
memory/3540-247-0x000002EB76990000-0x000002EB76991000-memory.dmp

Filesize
4KB

Download
memory/3540-35-0x000002EB6D8C0000-0x000002EB6D8C2000-memory.dmp

Filesize
8KB

Download
memory/3540-16-0x000002EB70320000-0x000002EB70330000-memory.dmp

Filesize
64KB

Download
memory/4176-44-0x0000027367F00000-0x0000027368000000-memory.dmp

Filesize
1024KB

Download
memory/4224-216-0x00000217CDBE0000-0x00000217CDBE2000-memory.dmp

Filesize
8KB

Download
memory/4224-214-0x00000217CDBD0000-0x00000217CDBD2000-memory.dmp

Filesize
8KB

Download
memory/4224-220-0x00000217CDDC0000-0x00000217CDDC2000-memory.dmp

Filesize
8KB

Download
memory/4224-228-0x00000217CE480000-0x00000217CE482000-memory.dmp

Filesize
8KB

Download
memory/4224-218-0x00000217CDDB0000-0x00000217CDDB2000-memory.dmp

Filesize
8KB

Download
memory/4224-208-0x00000217CCB20000-0x00000217CCB22000-memory.dmp

Filesize
8KB

Download
memory/4224-168-0x00000217CD0E0000-0x00000217CD0E2000-memory.dmp

Filesize
8KB

Download
memory/4224-171-0x00000217CD0F0000-0x00000217CD0F2000-memory.dmp

Filesize
8KB

Download
memory/4224-174-0x00000217CD9C0000-0x00000217CD9C2000-memory.dmp

Filesize
8KB

Download
memory/4224-176-0x00000217CD9E0000-0x00000217CD9E2000-memory.dmp

Filesize
8KB

Download
memory/4224-160-0x00000217CC500000-0x00000217CC600000-memory.dmp

Filesize
1024KB

Download
memory/4224-96-0x00000217BBD30000-0x00000217BBD32000-memory.dmp

Filesize
8KB

Download
memory/4224-98-0x00000217BBFA0000-0x00000217BBFA2000-memory.dmp

Filesize
8KB

Download
memory/4224-92-0x00000217BBD10000-0x00000217BBD12000-memory.dmp

Filesize
8KB

Download
memory/4224-212-0x00000217CD970000-0x00000217CD972000-memory.dmp

Filesize
8KB

Download
memory/4224-56-0x00000217BBE90000-0x00000217BBF90000-memory.dmp

Filesize
1024KB

Download
memory/4224-210-0x00000217CD950000-0x00000217CD952000-memory.dmp

Filesize
8KB

Download
memory/4224-231-0x00000217CCA50000-0x00000217CCA52000-memory.dmp

Filesize
8KB

Download
memory/4224-258-0x00000217CC880000-0x00000217CC882000-memory.dmp

Filesize
8KB

Download
memory/4224-260-0x00000217CC890000-0x00000217CC892000-memory.dmp

Filesize
8KB

Download