hxxps://drive[.]google[.]com/file/d/11_v7d8l4V2LtjqMQKtFqf7zhtGGMmxmn/view?usp=drive_link

Resubmissions

14-09-2024 04:38

240914-e9w1jsxfkb 6

Analysis

max time kernel
33s
max time network
41s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
14-09-2024 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/11_v7d8l4V2LtjqMQKtFqf7zhtGGMmxmn/view?usp=drive_link

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
2	drive.google.com
3	drive.google.com
68	drive.google.com
69	drive.google.com

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "654"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "122"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "233"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2f6b6b226006db01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0aa6731c6006db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "3497"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6f3b20146006db01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "545"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "321"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000c829f43f6a41bb989a4696b73d53a49708d90cd99e43cb69e70f988b158749f1908d5d49113658a68408b41d6066a3ea07d3f3a1f35e22a55d90	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{9790C9E4-2B2C-40B1-85E1-FF1CD2340A8A} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "132"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "707"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 11 IoCs

pid	Process
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3360	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3360	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3360	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3360	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1844	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1844	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1592	MicrosoftEdge.exe
5040	MicrosoftEdgeCP.exe
3360	MicrosoftEdgeCP.exe
5040	MicrosoftEdgeCP.exe
4804	MicrosoftEdgeCP.exe
4804	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 2908	5040	MicrosoftEdgeCP.exe	75
PID 5040 wrote to memory of 2908	5040	MicrosoftEdgeCP.exe	75
PID 5040 wrote to memory of 2908	5040	MicrosoftEdgeCP.exe	75
PID 5040 wrote to memory of 2908	5040	MicrosoftEdgeCP.exe	75
PID 5040 wrote to memory of 2908	5040	MicrosoftEdgeCP.exe	75
PID 5040 wrote to memory of 2908	5040	MicrosoftEdgeCP.exe	75
PID 5040 wrote to memory of 6000	5040	MicrosoftEdgeCP.exe	82
PID 5040 wrote to memory of 6000	5040	MicrosoftEdgeCP.exe	82
PID 5040 wrote to memory of 6000	5040	MicrosoftEdgeCP.exe	82
PID 5040 wrote to memory of 6000	5040	MicrosoftEdgeCP.exe	82
PID 5040 wrote to memory of 6000	5040	MicrosoftEdgeCP.exe	82
PID 5040 wrote to memory of 6000	5040	MicrosoftEdgeCP.exe	82

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/11_v7d8l4V2LtjqMQKtFqf7zhtGGMmxmn/view?usp=drive_link"
1⤵
PID:2236

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4948

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2908

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4804

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4492

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3724

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1844

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CZM6J9Q\cb=gapi[1].js

Filesize
123KB

MD5
c299a572df117831926bc3a0a25ba255

SHA1
673f2ac4c7a41ab95fb14e2687666e81bc731e95

SHA256
f847294692483e4b7666c0f98cbe2bd03b86ae27b721cae332feb26223dde9fc

SHA512
b418a87a350dbc0def9faf3be4b910cb21ae6fffc6749eecea486e3eb603f5af92f70b936c3d440009482ede572ee9736422cf89dcdd2b758dfa829216049179

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CZM6J9Q\cb=gapi[2].js

Filesize
203KB

MD5
a2ef31b8e39640d0d3d29b306dea5ef9

SHA1
8844ea1f371f29f3af0fe76ab743e048d828666e

SHA256
869d133dad03dd71305565bf3d217cb4721e2b8030eaebf84970a134a8fbef6f

SHA512
aea8983b67d88d34f469ff547aa37717230c49b07354c186762bafca7805002c92d2eccd544240008797e4be22b4cd016008273d5558d15cb74d1066138f5db4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CZM6J9Q\css[1].css

Filesize
800B

MD5
179833a46cf004323d697ec583d1c0b5

SHA1
d67abe32e5acdd166bfa9043124b95c0ec05bd7e

SHA256
fb248ea03e7b4f21745d262e1974ab61e7acdbf2621a22332cde5fb29b5e5f72

SHA512
59879fd2b6d1c760ce06a58c3b1d0915a923fd3e938a876323bfedf40fec4b41a85b2be6db09aa4396d353632c35a2c52a10ffe04aa73044936379a4f2fe54df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CZM6J9Q\m=v,wb[1].js

Filesize
1.9MB

MD5
9dbe5919d8a8501ea57d17a5043a3d26

SHA1
729b743f4e2356a69b1b04c613b8c35822a79305

SHA256
062d70368d020a02d2b59d6eb44f0a65c3c008f0075cb4bd0c85e030876ad6f7

SHA512
f6ead910fdf0c3fb227b7a86d320fc892ce0f104ab3119158afd725557b872439ea929574ed4281001335bc2771b588a806af80a45a5c54ef2e864f4f273cf4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CZM6J9Q\rs=AO0039tbZ6muE2phZAiwMqxRGtdZnpK9xQ[1].css

Filesize
2.4MB

MD5
6cfadd7d4aef1f6e7247e353033bfdf3

SHA1
dc42b7ff4372f1581aaa88a07fb7e34cddc76c0e

SHA256
818f42e2ebeb1d5993a26541a0158e9dbdd06ad89c46d5585c8a558fc615eb8e

SHA512
32155df850461645af43e6c340fc3e112e5c635548fc92610a90dccc31b5a0703b1746d7a9f0da5c0b787f7a73f8387c1335cc55785c47e3fbc2c162e96fec64

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KO530ORP\lazy.min[1].js

Filesize
120KB

MD5
c0a782c49efd864d8b47da5b64d0a96b

SHA1
e026a07a97f1ffa7639b47278d1f93f77647700b

SHA256
c8206715c6bd8398d301677c1bb48fa27f67da3ac53df999c1fabc267e42655c

SHA512
8f105fa0e602b5e40e33618d58054ef3a43709f089bfe53fb162f38e961fb02dc6ef1b768b6a4c3a00eaa2df42683f8186d8ddb29bb520803e1049e2c726305b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KO530ORP\m=RqjULd[1].js

Filesize
20KB

MD5
4a078ef958e88b1d7ea440001b6ab3af

SHA1
99bdf6ff6c94be81094d5a2628ff4380857409d6

SHA256
c30bf398abfab770bde92c9b24eb775ba52a2494145a5c0221cfad01f0d11f82

SHA512
263b3623cc962e39ea7212378a2b547b784a46d26a4fd1b32a081dae318d5d0a7be0576f5610fdbd160558fd839184c4fc335486d151563e7eb36ce44f22b903

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KO530ORP\m=_b,_tp[1].js

Filesize
193KB

MD5
56eb782a60f4d99730c74f9137e52159

SHA1
ff34114641fa720b0bde4396511bcacd45752c29

SHA256
144c036894f6b840a4ebbac9f49c3e3e69802e8c9ac8d688b8495966423c8cdb

SHA512
43ae1e8705ecf2f9c7a7441c2f53e4069ab49ec179da161c6f44dbfd25eb7f65a37aafb8eb81e06422a3181676f8362ce384ca00f40cefefabde060c0725d6e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KO530ORP\rs=AA2YrTsknLVY0lQnnvQfFCa1yHz8S3yY8Q[1].js

Filesize
228KB

MD5
a0760a1e6bc916ad4e10facf7a6be822

SHA1
3d0f13ba4db3bdb9f83435f05156959446acb72c

SHA256
33659cf1498874b6b0121262cee8b3ced4b570a2e73d4cf36b365badac9b8f95

SHA512
e6badfb6d0f33fa32e9bf5b9384f9776a0b911d786831b91605ab73520b41388ab8f5d4a99e5a28c774e2b0d60f47a17d9be9d5759edea86347638e0b3be527d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KO530ORP\rs=AA2YrTsrDGQveiSaIRD3WTeyZtRVmuBWPg[1].css

Filesize
3KB

MD5
b2b2ee789dbfb6c86f4b38f62962a8b8

SHA1
853cf2de3f62384b67157e3011284dc6b7e304da

SHA256
96ace1ba84e9cd8f75963c517ce30151907e51c56f3890f4152e722fe88b3c9e

SHA512
dedebdd29f5059bc61c7e82e5a1f5fee316b21787e7628f9abeaddbd7d595b8b67181b4ddc3520236355a3c908e8d579daf89502a426e3e26178efe2b58b82ae

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PFMCZV3W\1RL42J7D.js

Filesize
264KB

MD5
2754c0b6341471f573be073cda593743

SHA1
503fa0793e293e66cc11d5cce571ca131207765b

SHA256
30247bc82e577e6aef184bc676cc7d1ca2db6ab115c7c1c1d5b97d5581343a91

SHA512
d38f09f2739c3c009aad2da77e6ec0ac5be8b15b0858c7859597bb5eef55a5b475d48614050ffd91364faefe7cedf29d59308d70975652e27dcfefd670c22008

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PFMCZV3W\KFOkCnqEu92Fr1Mu51xIIzI[1].woff2

Filesize
16KB

MD5
d8bcbe724fd6f4ba44d0ee6a2675890f

SHA1
d276fd769bcb675f8efe42ebe3003c1d3255f985

SHA256
aa4650a411dfe1c9beb794ffaf08c7909cdfbb05672d79b3a9976672cbba75ec

SHA512
23f757ea3afe6febe1e8ea935f0ee8690e1b1b1da511788b529cc2fc38f7e454153cdba6f84a6a0e19b294e5311625a03617cf98aac150f17b88a53f3ed8b72a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PFMCZV3W\KFOlCnqEu92Fr1MmSU5fBBc4[1].woff2

Filesize
15KB

MD5
55536c8e9e9a532651e3cf374f290ea3

SHA1
ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2

SHA256
eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf

SHA512
1346654c8293a2f38dd425ad44a2aa0ed2feab224388ab4e38fb99082769bbd14d67d74cac3ce6e39a562a0812f9bce0a623be233f9632dcb8d5d358e42f2186

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PFMCZV3W\m=MpJwZc,UUJqVe,sy5,s39S4,sym,pw70Gc[1].js

Filesize
6KB

MD5
0e58e40f85aa7a1475f403cb3cd8c982

SHA1
49ac87198a07b947d41a754580e849a1890025de

SHA256
cce955ccfca912ea37972e1a682ebc3efb97cd3c13d3a6d011b118fcf56a8a3c

SHA512
7e23d83f66fd393cf4922cda1e26fc35a18e6d049cdd5181066b3d131b2cbb8718af6931c008e72f958255b2087ab082ebfec5022cd19e274d17b00f0d5a3867

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PFMCZV3W\m=P6sQOc[1].js

Filesize
1KB

MD5
c1cb4bdf50dd4956737e7123df77d8d3

SHA1
e9dd7722e371866fe8f91f51eda2e479e612b5b4

SHA256
c56a9e105ed2c6135b4fe149c6f16c7071ed1f672967fd1e32ab20870cafc56c

SHA512
7cb4ea65fc20894fb27c05a13d2f91d2329a1098bd1c5b13c5d303d82685027d391155aed2181304e6b30a77bfebacadcbc8d498945aa1a603f6c6c92f6d22b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WRSRF8W8\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WRSRF8W8\KFOlCnqEu92Fr1MmWUlfBBc4[1].woff2

Filesize
15KB

MD5
037d830416495def72b7881024c14b7b

SHA1
619389190b3cafafb5db94113990350acc8a0278

SHA256
1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97

SHA512
c8d2808945a9bf2e6ad36c7749313467ff390f195448c326c4d4d7a4a635a11e2ddf4d0779be2db274f1d1d9d022b1f837294f1e12c9f87e3eac8a95cfd8872f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WRSRF8W8\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WRSRF8W8\css2[1].css

Filesize
609B

MD5
c9416551b401e8ddc4cd642b1348d60c

SHA1
75d238de4bcef07ec6afd81fa38a91a3a55adc2a

SHA256
cb7b5b067f94b97f8e98d0c0d0e2ef2add7725527ad7ea726ff7d6702f1eff9a

SHA512
b7b3054284b982026adc743f27da8d89050546049471cba9e380086a56dc01749041e237b932e187b566445bdc380ef3938c4f7932e33a6005344f7ccb14d5c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\BG5NQJOY\www.msn[1].xml

Filesize
482B

MD5
432eb3218788c70a18b773852ca0bca6

SHA1
cb73985282c046060e77374bb0c4b19bbe8fd1dc

SHA256
c87e00e268c2cace9b77138612bbf346dc8ebf74c902373aca5e0730191642da

SHA512
fe8259f272a65d32355c9836cce4b59ea5fe74882bcee8a629a3e160c91a2f558086b89d7e55fd70b23777f3bc290f5066771b4afe0ffe30b06fa5314b11847f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\SR9F1LY1\www.bing[1].xml

Filesize
1KB

MD5
582cd4da7ec29dfa93d44e1fb1d953d8

SHA1
19e791177278262089bc4212fcdb3715b01857b8

SHA256
424d47850e957bebc06352f059ab676be70f956740bf9abfca9df443b4ed172a

SHA512
27d12768c3e7d424380b91f098633530bf8339ecd380df04c4fbec16ef50aeaf53b7fe0b08343fde30030320687f87da6871e270b8ba432f2c7adb41fd209735

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DV63NOGG\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\I3ITYWGW\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PFMCZV3W\callout[1].htm

Filesize
31KB

MD5
838b1cdc5d0ec41173888cc94d8d8ac4

SHA1
54c0d0647d8ac9226b95a6d2a3544995f5faee9b

SHA256
e0fbb6622ed462fcfeff964cca2109cfbff86cfa9c529db55d15a34dc59720be

SHA512
2b19237706d118423bc6a734c23338147b1745673f51d71186b61285a1cc6789f7bd8ba3b24ce63c5ba75a4ec3de97ce679c64f19ebfa30c0621050be7b07c66

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WRSRF8W8\Chrome_Owned_96x96[1].png

Filesize
6KB

MD5
c101133ecb2d66f0ea98131267d2a10a

SHA1
8c038b9b39fa23e0ad2226f0016bf51fa0b86e37

SHA256
e3654539251df82d59096e81c875d1244ffb7ab92dbf3ce26f63f675121d8918

SHA512
751e9bfd75d1685a490972fe0d40fdbcda97607f6a500d051b400b002ed8c1d7cf9dab019388b74796c9afeaed4e317ac6b40a7e936d234536aeb0cb6c0d8434

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9M9EK800.cookie

Filesize
177B

MD5
0033d5270c1613b89142aa455b19e83c

SHA1
1d82e71405a30db69f5cc351f77748832c11318f

SHA256
a014062d7e765040c837b9c9a04e54f45546e826d492ccbc351b50b3755b6804

SHA512
2336d8a6a4236c85528ac9c25355b1014e127d0add05a1d9ceb51b55326ddd863eb5033104bc27ac09fadb36757fc2db7e7b40ef2bc00b98aa87d5726b8487c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DT9NR48Y.cookie

Filesize
245B

MD5
761bfd37eb3fcb2495293631cb215ec8

SHA1
d58dad3e0b14f597b7fa2b16fd34467fc83865a1

SHA256
e7a447ba6f318fd0c7d1439418d18fcf11245b6f2c4c086f0e0fa7ac953af0b2

SHA512
059bd77039f1e85564e29b8c330872a8547a4c6847c94c974eddda42d7a938f9e111c91bfbf9b73630e50af848bcc1023651c30a8221dff3f6d591d78004db66

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NZ2OD8QT.cookie

Filesize
101B

MD5
39a2331efe71bed07bb250eb9988f182

SHA1
0619a63ac4d8bb85a23cc37fb2324785a2f6df93

SHA256
885d9aa2e4eb599fbded6a6618f4fda5ae75b48f29818758e9447802b2689d47

SHA512
87a732b27de935fc8660e7cd2d03f22600db24f48a665412891222a84b933fbc54c9cc2a2c526a1470649d5b93e60d454366da28124f7a9fb2352adf62f1d3db

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d5e7550f47e036389490aeeb91a2132b

SHA1
5559c30fe9bd507c52ee8a00cbba5e8db1506cb5

SHA256
84c968fc04baf4262fdb9bdd2ae818d73beafe0d38e69fc907b36e9202e0e336

SHA512
0775787e2d2512954617945a5a6a242539802014b3abde175cc38bf6e42cbf716dd58ecdb9200a4e247cacd625d9b4fe9cc1cc5128988f4ada4bd869152e8653

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_2E1554F9937BF8D3743D83D919742174

Filesize
471B

MD5
889dd76ae1cf8142dd6fa0951da93b92

SHA1
2cd978d0dac080b2dafcb1a4844f89df2d62d4af

SHA256
5f93b38339fd55325d70308316707c849f7200784871dfc03628327bdaee1812

SHA512
4b8dc9e4b7d141708f4203deec7f2f3cc2caeb4508433a79d90a77f80f021a4087eb041ee1672333ea8f36209d48914962848deed7d6091b3402bc6abb281d8e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_2F09F384AB04F931E2EF39FD04145E2F

Filesize
471B

MD5
848b5613282a5db0192b8598bc70578b

SHA1
dcc3a332827e1f0c902770051e36bcd1afc67ae3

SHA256
211d5b4509af876058debf19795fdc7588cf349a9fc81f28ab9ec4bb833b0e60

SHA512
049fd7f830345212ac8fda2b1b30721bcf0496a397fb6ab6b1a185694fa04e0cf0957b814b956334ab1491bd1c5884656bba1c4e78fb97297fbd18905fbb65d8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_193C88518F770D3F8D3CDA4F180E8635

Filesize
472B

MD5
7f711cb0ff9d05fd8e1aa8f8081fd717

SHA1
ea19a419db486cb779861f7a6dbc889c907b3bf8

SHA256
83ca3fbcaf1de9ab56ccbb4792992c617ae07656703c0569252acd99cce4103b

SHA512
11291257ab3eb4fe93b62c53a53a1d0f439f726d56b5ec1f48ddc61a4d0fb2ec24beee5d776824ef01914ff71b852aaa1d394682b753337992f3c57677321ea0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
fd12537d749947abce7b7b5327878022

SHA1
688ca6cd2aa83cebbd59b1ef7ecaacc01ccf6277

SHA256
6f0dfdccf29c2272d800272b46233abaa4625c11f5ef8a7f27d9088a30f8c2ed

SHA512
66219fa9f92e460f81f6b93473aabec671c50201cd3b1e50715287a10eee0f548be6e6a4f65f569c98ef13da4a73ee31a8d8242edfa51012c40f06e5475890ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
206d79b55583c74dea2f139c00a14b92

SHA1
53407da90f7bea8a3a48414cc4a2213f4e375ba8

SHA256
a75762b4f7a28bfdc8f169f1cbe1b22e8cb928bd4d82c6bce8a4e2b20e496c50

SHA512
ae540fbf5fe610cacb5e2186dc23b4e17b96bae88e5191b49a48f85dde559b56b6e93db062b00064877d8b1d3f1c55cdcf68745e236e73953a8d82a05158b4f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_2E1554F9937BF8D3743D83D919742174

Filesize
406B

MD5
90c643a0b12121372da27f755b7bf186

SHA1
b5d513eca00394eeabe928851fa6ba25ba8f2c07

SHA256
07fd960923fdad98c52af04dc807aea220fac2b93828e315d343bcc2b751e8ae

SHA512
2de9814de1502048bc8cf8c9408d7e5f5a82f3590abe7cfdbadd207cabc546808394efea356c85ad511ad20e85015982bd22518a98e3226e7d9b00cf72f75461

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_2F09F384AB04F931E2EF39FD04145E2F

Filesize
410B

MD5
911fef11d82ca664973da9818a63bf66

SHA1
d3e549ae1e0bec8f5470c575be519743775c4a7c

SHA256
6773bfbd4ad437b1ef2f333975fa1fed6f549a53c0cc21b5f98d75b20209530a

SHA512
7d7514f7695f4336ae2ef6760eb7a91b7b32308bdfb3b7a6d3aeb84e3aaa8bfb0e670bbd5adda32069e5a17c213489ea14577c5b29eebf683ebb8ea1fd039697

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_193C88518F770D3F8D3CDA4F180E8635

Filesize
398B

MD5
3237ea7aa591f67324181a3d0617ab49

SHA1
380a7fd23cc242765156f7b8a764f1892c62b96d

SHA256
9882445a79d288ca5056997478f6f1f8b53fb6a2d6b75289b3ac646df3bbcc48

SHA512
44e4e50995ae0c868278797f70c19a621bd5a2dcb57c4293051a2b1a4e00dad18705acc85403343ac64fb53d8f8882988cca2f96cf0c524fa83b86a95847f001

Download Submit
memory/1592-35-0x0000022DC0390000-0x0000022DC0392000-memory.dmp

Filesize
8KB

Download
memory/1592-16-0x0000022DC3120000-0x0000022DC3130000-memory.dmp

Filesize
64KB

Download
memory/1592-1-0x0000022DC3030000-0x0000022DC3040000-memory.dmp

Filesize
64KB

Download
memory/2908-212-0x0000022B36200000-0x0000022B36300000-memory.dmp

Filesize
1024KB

Download
memory/2908-376-0x0000022B37A00000-0x0000022B37B00000-memory.dmp

Filesize
1024KB

Download
memory/2908-442-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-443-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-444-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-451-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-452-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-445-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-446-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-447-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-449-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-450-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-448-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-441-0x0000022B228F0000-0x0000022B22900000-memory.dmp

Filesize
64KB

Download
memory/2908-287-0x0000022B37240000-0x0000022B37340000-memory.dmp

Filesize
1024KB

Download
memory/2908-246-0x0000022B3ECA0000-0x0000022B3ECC0000-memory.dmp

Filesize
128KB

Download
memory/2908-217-0x0000022B35680000-0x0000022B35780000-memory.dmp

Filesize
1024KB

Download
memory/2908-208-0x0000022B35FE0000-0x0000022B36000000-memory.dmp

Filesize
128KB

Download
memory/2908-199-0x0000022B35400000-0x0000022B35402000-memory.dmp

Filesize
8KB

Download
memory/2908-201-0x0000022B35420000-0x0000022B35422000-memory.dmp

Filesize
8KB

Download
memory/2908-205-0x0000022B35440000-0x0000022B35442000-memory.dmp

Filesize
8KB

Download
memory/2908-196-0x0000022B33240000-0x0000022B33260000-memory.dmp

Filesize
128KB

Download
memory/2908-129-0x0000022B23000000-0x0000022B23100000-memory.dmp

Filesize
1024KB

Download
memory/3360-44-0x0000029000F00000-0x0000029001000000-memory.dmp

Filesize
1024KB

Download
memory/3360-43-0x0000029000F00000-0x0000029001000000-memory.dmp

Filesize
1024KB

Download
memory/4804-140-0x000002BF78880000-0x000002BF788A0000-memory.dmp

Filesize
128KB

Download
memory/4804-131-0x000002BF782A0000-0x000002BF782C0000-memory.dmp

Filesize
128KB

Download
memory/4804-86-0x000002BF67C10000-0x000002BF67D10000-memory.dmp

Filesize
1024KB

Download