hxxps://github[.]com/ng2yung/ng2-raider/

Resubmissions

03/10/2024, 15:36

241003-s18jwawekg 6

03/10/2024, 15:35

241003-s1bvxawdqc 6

Analysis

max time kernel
33s
max time network
45s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03/10/2024, 15:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ng2yung/ng2-raider/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
34	raw.githubusercontent.com
32	raw.githubusercontent.com
33	raw.githubusercontent.com

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c55547dda915db01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b6a617dda915db01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 841382dda915db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000004d74ac4dddb5ec4237ed42393653ebe225fd20d3616b6341a2dca1e6de54c5e03588eec6261a28a059e00b15e474efbcc4fd6c9745ca57797828	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{09825654-4C1A-4236-8D36-EBDFC6395C01} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 24f307e3a915db01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2c31b1eba915db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
4280	MicrosoftEdgeCP.exe
4280	MicrosoftEdgeCP.exe
4280	MicrosoftEdgeCP.exe
4280	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	428	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	428	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
596	MicrosoftEdge.exe
4280	MicrosoftEdgeCP.exe
1060	MicrosoftEdgeCP.exe
4280	MicrosoftEdgeCP.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/ng2yung/ng2-raider/"
1⤵
PID:872

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:596

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4280

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2880

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:428

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\environment-2f240f7ed1b3[1].js

Filesize
4KB

MD5
7d6d4c80201b925d4aeb993e4f40af4f

SHA1
95e341beb912114aba5991310796fc50be5f189e

SHA256
7b35d9455560b39afa30c2db9993a6495c2d82d41212d4eac59ad6d7d320abf3

SHA512
2f240f7ed1b3963794a3e58a15205239f1f754ca88c00c0988d71b7fc472f7a6e2be1da811c063666463394703bd1200614427afbb06ad9e24f1e66b43079e4b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\github-d1e3b63864f7[1].css

Filesize
114KB

MD5
b68742eb9da1edae8072fdc374e26322

SHA1
3ef08595286e41b825c61194b95d7a279279b99c

SHA256
1771f04e7733639b57a3ca852d986df4a2239167c605af541a0582aa88d45335

SHA512
d1e3b63864f7a914e9695ebe4486afbd9928ad19d7f8ee2f04d6529b2c2ecf06cedea4b37e37f6aa879a8471f5a6df19367c0ae31d119bb92b7cc936e631a995

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\global-49ca3d2b8a83[1].css

Filesize
276KB

MD5
2d758b2b0703af6a7e75c4dd85235525

SHA1
c03483870e4f3f77d4857776eae487fb22ae9ee1

SHA256
336a5df209f0616e81ca9918b5b86635afc1de2cacc218f5ba70be137ba11df8

SHA512
49ca3d2b8a83d94e095e084302151684cfafe444d6b5b6c4eea0971b3f0253ce1002150ab1b376d5dc9b20e2f33b5774267678382b1c33e130a76f7fc94bc0a4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\light-3e154969b9f9[1].css

Filesize
48KB

MD5
dda4611c92e86740cc9ea1301c6ea9f7

SHA1
1d20bb0250a31e8f62cd738a41881d0155ff9726

SHA256
16299e8062cd02bb5746969f27f13765ff6ab6108a88fe69925007b65134e0c0

SHA512
3e154969b9f981782a137ade0196adbdc3919c451a134f632b4f748faabd3136e76013775f56bf3acce47e40b389a209ba3b9ae7c3b554f4619e861c128d1de9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\primer-fefb1a332c28[1].css

Filesize
332KB

MD5
ad0b6e40828a9f272af97c84e6e4d5b8

SHA1
8d7da19114bbe12914c66c78fc31ce29111a623c

SHA256
5e154c648de1db76c62a206e82c06a87da452d1e40ffb8fd65b2f206e2202060

SHA512
fefb1a332c2812530daac3edf706229e43a55903422494b5566ba35de8c2d8322367dc60046ace9fe404dfc67e896d82e75a5a3ea7a6e4e08206f845c37769c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\ui_packages_failbot_failbot_ts-aabfa4ec15fe[1].js

Filesize
8KB

MD5
84740cce33e5a31d80be06f32935cb50

SHA1
9e178476116ba28f58c4374546af052bd0bc0b4d

SHA256
4cfa417546406b106fe34920cf0befafed5d5fa40d1a723e121830132db81d3d

SHA512
aabfa4ec15fee097e1bbb782cc2cf111e627652ab5bb5dd9015cdaa1247db9ce605553ee0f297985cce3ff2a17cc0361e856d029fa8e83bc6c1972acc86aacf3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\vendors-node_modules_dompurify_dist_purify_js-b73fdff77a4e[1].js

Filesize
21KB

MD5
383e44dccc233540968acb7fef070359

SHA1
18a5430a0b2ca2bf000d86e08c54506a353d7c05

SHA256
e099ba09d44edcddf0de12aa96dbc7aae4b03749e57b865b7310d1b1cb6a8484

SHA512
b73fdff77a4e401513d1f7f003641c229d65e0dac7f94754956cd8006e8cccb576907ebd697dc75e857ced074381175db487ea75bba2ccc8238e913e20fc23a1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-b9c7cf3107b7[1].js

Filesize
16KB

MD5
296c61843cf768161b75f8ba7db0803a

SHA1
a2fe171b4773a7ee5fe50b463cef3cf99585a712

SHA256
dc3a837b7d3d883b43e92ca92dd8172255ee4a8254ae3d59075c955156d0eebf

SHA512
b9c7cf3107b742310fca225fd701b7035cf3f8ac9438c3b1e0bc1eead2c0747fc1e8ff9849df20f13e8ee54054ec0e383e6a35919f89d8bcee7fb9e123ea7bb1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5[1].js

Filesize
9KB

MD5
e131f8c9b77918aeb94fd82199a423d6

SHA1
71eaae086cd44a8904f39d27fb5387bb957976f0

SHA256
01f9a0ec0bb24312ae0395b6aa238f8d910dc35c08ef5a25a1e9cd8feac83c32

SHA512
f690fd9ae3d5a240e479fea97ac82940f136f3f2e0262cac840345f2b956123117ca94424dc354d90d13f1c0169c24b19526505bb2fad70c8c364899474a9495

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2[1].js

Filesize
9KB

MD5
2eb9961e08f81bdca617ddb67c2fb708

SHA1
15cb6d7ffe93324b38bb62bcc4ff14d1a57f94bb

SHA256
0f2cd40ad364711db1fee03cf9f6ca04fc56f5c3ba497dc476c5879e129d968b

SHA512
56729c905fe263a6b7978bc67c09b8dab69592e21aa9addba78866790bdb2dbd85e41e6a6663d511e73a8edeb75933b549b3c393a465748790a6fd50b337cee9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\21IVA4D4\vendors-node_modules_primer_behaviors_dist_esm_index_mjs-4aa4b0e95669[1].js

Filesize
16KB

MD5
6c7c591d15bb45ff5685123849338fa3

SHA1
7f1c36b3fede6c0020efbe6daf49edea2ff28082

SHA256
a020d57ae1d21c34a4ce98538c1c63f112fd3b7a5e4809d377356df0d74b9dd9

SHA512
4aa4b0e9566911a02a88dd7c9489c05aee4819549b15d3139cc22c2e91dd44611bdd25754c8677bad0c239f59395eb9b62031cd8f1845f5d68dd57d71f790148

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-6faacedf87fe[1].js

Filesize
17KB

MD5
e26b7d5406a2ffd2cebb7069e6d8205a

SHA1
0ae2c5125267b01c95f090ada0661646bbe9fc54

SHA256
52a2e372d0d91574009c664f146ed4d3506f4d8f2ae6cb749049a17daf769702

SHA512
6faacedf87fe21f4f90aac47a9a1369fe87e2638d9e227441078d0e9815250d2253ccb5926a42aa22d387cd630c98107f998be8feabe76b32f6054f38dbbc4ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-aeae6fcdf371[1].js

Filesize
11KB

MD5
b2958aff0cff1327739cb5f8cb1e6f5e

SHA1
db1cf967cfa841741e99dff1a862bc7f71a921d0

SHA256
964c451b19206c8d5c38eef573fbaee22d5cf16153d7fa5d3e1ff6cc6bdea180

SHA512
aeae6fcdf3717d89b8aa808dde59986fd48dd3d8d03cc9ca6072e3537f34ca564bc5202b4034541441feaadc9e30fc519d6ebf45bfba1f30ea740e0d9f07da42

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-ui_packages-900dde-ab87c1d6c5c8[1].js

Filesize
13KB

MD5
b21890d8481d25b90a00e3ed03b50ed2

SHA1
076a919247341bc75956932151e5503dced4506f

SHA256
c9b49f15328cbeb36c21dbd6d8a92d7a4b49e0deab7f160db26d9873610e7779

SHA512
ab87c1d6c5c8ff03e5e5bd8862d2409142547b55b646f13d4359a3bcafd07da55b216511dbd526c93956b3f9e7370f9da9beb6d013c1a6f70aa2f44bb363ac17

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\app_assets_modules_github_sticky-scroll-into-view_ts-112600808cf9[1].js

Filesize
10KB

MD5
df07a1b760a955a9549078fd16f19934

SHA1
ff64f8bae2c22502111201422afb4f64aac7ebaa

SHA256
3cb902578dbcc1d6a3b67aecd7ee7f6dd086a3093655a292f78a8e3c6974212e

SHA512
112600808cf97132db023097b068afb0b49f7019b4333ec71f7fdb4070d69f6027541eb9437e3091c2910d47dea3a4be4a9aba67dcbce3d738897e6871592f21

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\dark-9c5b7a476542[1].css

Filesize
48KB

MD5
c21f8fd1aa4306567381fc98c4658451

SHA1
8b1a242ba7d5c59596d31580b5b8f4a7bed32726

SHA256
396d793cf41edbb2964b3993c58be3224430678db6de696a3940d01eb3ab43b1

SHA512
9c5b7a4765424368e00d62b4ae89aff8c5b86fc4e93b09d49ac4d1b18f65ce9dfd3fae52e9ac25bb0d0a024ea9a08e638a36cdc278111cd7e62c5be38a1fd23c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\element-registry-27e08d9796d1[1].js

Filesize
53KB

MD5
c799f100161fc3594ed415f3652dcb33

SHA1
c4fd0e173e4e8bce1cf97c63e492443a662114b5

SHA256
ef972a44e4918eadf133addcc5a211334a62b35d9c8ba8cf0a79349039ea979b

SHA512
27e08d9796d190062c7a96b0918ee0a228402997668c015dcf029bf549e3bd34fac308c3974e66c622cbba0c6664573571e1bae4193ac3b68b5886ae7a73e15a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\github-elements-dff955edb4df[1].js

Filesize
36KB

MD5
c974bead6022377e1d915cf98a5dbdbb

SHA1
1b2554b9b6f9386a75d3f137b48c04966ef5cf53

SHA256
7c7c87e7dc1103892b7adba56588829ae6d1c2416c929b9e818785e247dedb68

SHA512
dff955edb4df2b80dbca0e30eef2d30aeb0f15296fbc3193a5f46f12a9138ca9a9d8c6163ecf68be66d70c204559437c271b9df0f3ba323f6bf645509e86bb94

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\primer-primitives-4cf0d59ab51a[1].css

Filesize
8KB

MD5
095a01e2f3bac9b2b48bb28ad38a4a8d

SHA1
91855599af787299cece3999adaa4e440dff84dc

SHA256
555bd75cf2fad0dcfcbb3578d074a907d437f0832629f3d6f83c9cc4ae8b4eaa

SHA512
4cf0d59ab51a237735819fe02c3b39528990b6717c4d555dad7053a842ac428aad3166e66699e3277cd4d4d3a3e779b4896ef42b1c26934e0349b706d3c077c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\ui_packages_updatable-content_updatable-content_ts-3f4401350bd7[1].js

Filesize
12KB

MD5
fb17dee4f53d0bbab48142b0346696e2

SHA1
487bc2510708c4bbc0200938417eba04e0fc23c5

SHA256
0292f0115d49592140765c755e25d4391a280094e8492b36986aee28670e9ce4

SHA512
3f4401350bd7c887eb798d2dad80b84742ffb948051c33d8b86a2349fa88a763dea27e60f735b45f50b53bd1f515b7b28e1f100fdc7d7eb298da7bb573a921ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-634de60bacfa[1].js

Filesize
16KB

MD5
6d0190b1025c7e9e086d6f5c11885986

SHA1
a28ddb8d44802567c12fb62877f4ba5d1dcf7e20

SHA256
395734038e039e2749fd0b9bed53f15debc1d391aebdaa05a3cbfd96e3a42157

SHA512
634de60bacfab016d7cb9ffe97df6b5b7533845d696adab4afd9ed684466e0b0d604a44b259c4569713ffd06e8f5d6a7d066162193b581e196d66e88c1b92bc5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_color-convert_index_js-0e07cc183eed[1].js

Filesize
12KB

MD5
b36809a997ce5e5ad8b0b4f661ce60d1

SHA1
fff11cfd01b744a770de926e13dde8f546e565e7

SHA256
687890a8b37083fcbd85fe5fcd960a6d80378b01a5f86287f207bb7c807b5ee8

SHA512
0e07cc183eed2b6d1302e51254f6b4f204a920873dadd83581483d52bf9a2e6537ebbb0417eb04567411dac64232653a0d046abf2c31c4809bc72fc6603b0749

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f4b251-f7c3b6081b19[1].js

Filesize
13KB

MD5
07db8fd7c0d6d1d98d1e07156a23c873

SHA1
26c0a8e9de88a9e88e96985613b9145ecc294d2c

SHA256
18c24a8fd0f795bd9220dbdd2ef08c8b0ee030dc0123af5a570555d94fc61dbc

SHA512
f7c3b6081b195e4be03cb8c99b16624a685f2f7a3c39a9bdcc0f8e439019e8ab6640a0a2673d5597dd1808f149371a05c9be8a9ad7f41759e6ba4a3433ce0cff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_auto-complete-element_dist_index_js-a164c5ea9f62[1].js

Filesize
13KB

MD5
203cb83362a88a295c23c88e26320253

SHA1
ba89a34554422d79c91873fdf7116cf9e4caf1c7

SHA256
a3c06fd5154472e1d8c8cbf2105912205a4fc75b9b6a75b273859edc30bfbe9d

SHA512
a164c5ea9f62fce49ae15eb21bd3f1a3bddc116674e712f7a53053fb64ade3c0aaee903a8d841ad82f8a54e658f3bb877076de25ac69437ff5529a3e4aaaba95

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_catalyst_lib_index_js-node_modules_primer_live-region-element_dis-037ad60-8582b70cd5a9[1].js

Filesize
13KB

MD5
2bb0a5de6665292fa47b134bf4b640f0

SHA1
3fa858e90927a3b3e5076692a12f35dc7a9e8459

SHA256
202852f5320e7a469186d28d5b4516c8ad2008b66e1004c101277e8d0e8091b7

SHA512
8582b70cd5a9e191e05e8269b9051da40a59c48235de610edde46afcd1d3112054ec7d0cf4b392e8e622a06099102d4597f52c8cf3960b3539306f100d6c0fba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_g-emoji-element_di-6ce195-53781cbc550f[1].js

Filesize
25KB

MD5
896d45da47a32f17f2f9b350410d86fe

SHA1
13aa52de74330cdbbf5657a298f93ffc46ef411c

SHA256
f95458f0e335750db2ea56f2e5a353e2ad8ae6e7e36bc0e717c5c768acd7fe2b

SHA512
53781cbc550f5e6b4bcee8ad28578ae69cf5fdec325c8976ed47227e6b30395d21e24513f3500cdad7cc7ca0cbc95ac7107913413a36954e4dd259e233f9d1ce

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-21f158-7d460d5f7704[1].js

Filesize
95KB

MD5
5bf05269966ed3ab00e8a8638b9fb224

SHA1
b3d4e70a799d43b811cb1c0c27c7830f3840f9a6

SHA256
c592b233d3afaa7e60dc16f510bd023fa957922d2c7b84277e0a775b4ce635c3

SHA512
7d460d5f7704d3b5fce190efe085c3dd41affa2ba5cd77dc9507dc5c0bb2dceb9384405da605411bbfb98e732a3c7d6a7e6d24cabc163d625b028731b5541d4e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-d1a841-8f251a0656e7[1].js

Filesize
22KB

MD5
8c557e610c6b359c85f8e2fb2d7d7a89

SHA1
2047d14a8a0a01a3fea77da84585c89b9bd9875f

SHA256
1d3779a9c6dd13af8d7f1e60be1c2e4f08dcfc03a6921c0a83be4f49d631cb6b

SHA512
8f251a0656e7712b5b54eb6e41e9b4fb2a7f0ae4ee6c65a03ecfc0bad475fdcc56191fd588d9fbe7f93bdafd2545d37ede16ba0e8d03d3f4d2aa986fab7c9087

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-f3aee1-e6893db9c19e[1].js

Filesize
9KB

MD5
047d853fec811d81d3c1c8ec87f9b472

SHA1
a35d29910fbca71733d28e49600a4d07cb72326a

SHA256
ad73313e109c376d8d299713e3d5c16844f4fa717efec02c2c7d35f86840fffa

SHA512
e6893db9c19eece62f53b50247b78b68b30bf4e2af9624f302551ac10d3e9d49cddc2f1097d7887ae525c2f58cf6a89ecec3872495803f4a4f78a496af5f3c40

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-f8a5485c982a[1].js

Filesize
5KB

MD5
e87764e4b54806bd9528e9413f05201a

SHA1
5d1c284dc8e2d047de24f8380f71ea9989d732bb

SHA256
a38e79c76a05e2473cefde9829cb125563e2bb06965aa3d0a41b314816bd1097

SHA512
f8a5485c982a797682c4138b024f83ea2669b7b7458c2d9eeb2c18526260e2dde0b3bc68d98415f8513e4ce099e46783a9ef8ad08b58929ca66972630953822e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-1f651a-0cff18664748[1].js

Filesize
12KB

MD5
b1c9bc1c360ac097bf8c8d7e1339478a

SHA1
e04284f9d750aab54a4c7565e0fa3161f22a06fe

SHA256
d8cb42a80155e1207cbb43a6d2c4f36340e341412f9fb33a9b90250da5364443

SHA512
0cff186647485ad4e6f6d04d6ef15bad5616957ef7572bfb48315701ba93eec9c9e15f304ef0a123b34973943f8ef3325828b818fb885516c855dd296b33e47a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-9a8cd2-373766bf71f1[1].js

Filesize
40KB

MD5
4deff3c4a3a151987ca471f575325c47

SHA1
0b3931a774292111eff8c127599aa6a815acb165

SHA256
ef13136eb8c31f7bd51b3b6e6825a265db9bf466c484daf5a5a41d6c4370532f

SHA512
373766bf71f10c4bf8a4acfb54ea9246996bdf3e7476d8688c6cdc5f95cf1a280e578d9d6c14a9d4a10d75693410ec7626b0fbe33f7ddcc839aaec8e928fdd53

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c[1].js

Filesize
15KB

MD5
e89cac3e3116110f5678d2857d9803d4

SHA1
c357fa95477a3a0a1a63dec0e9d2433d172bd005

SHA256
bf6dfa6b068f933d79071102dd912171c8feea27e9bb3f332ec9e6c358e199a2

SHA512
6d3967acd51ceaed2dc7390dea496c2db52afe8eb556126ee2b2f52b0b127e2869a921146554e8d1809ef22c2aba53019700a283f4362d85b226ad6fb1f5871b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8[1].js

Filesize
9KB

MD5
fbbd4bcc22313de76bcd2b3e4bb12e0b

SHA1
1422fbb0c4a416eb66e429d2cf797ed29a70dca5

SHA256
8060d4de1a065854c98adcc50f292dcab8f424a9edbdd4aabb7409cc4c6eab99

SHA512
6cf3320416b89fca281c439927ac3d76da74f9463345a891c4904c8e50b476e21d11ed06aa2316ce770c36f18337aa4e2619bd3fd28a4cc8454d649110060726

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_text-expander-element_dist_index_js-e40ed7658a74[1].js

Filesize
14KB

MD5
228c23e82e6508008d9d90c7c5e5d676

SHA1
608ba2203b26ba3953164f4cdc082010bbe5b515

SHA256
0a539066142a2dbf1e6dcdf2a49ee64839c7e73851a3c18cedec91f41df13b5d

SHA512
e40ed7658a745cfd613a689cfda47868a3075c0ae08eb872b00a606d310684bf20c98551f1aec7ec196830ac55c01f51985ad5e08a8b953583a306f23aaa1c20

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-858e043fcf76[1].js

Filesize
75KB

MD5
bc119e97d7bbac343f62984dc8d4dcfb

SHA1
b7fe0a56ce370e54bad0aae6d96bf52cc192a03c

SHA256
09620d3f9286d39a8eee8f036655e3555fab6c6b6ea0abd84a466aff8ae3814f

SHA512
858e043fcf7611a217e05ae5a181c4addfa23f21a298036b48430fbaa153a7248777408c1238742e7f6c53cd6bb4a1d6b6f60344048fa3714df464ce44b902e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_lit-html_lit-html_js-ce7225a304c5[1].js

Filesize
15KB

MD5
b4de96241178473d9f682dea5a92e41b

SHA1
e274c147c9bcb636b3bf4f9df1acfbada27d8a90

SHA256
c823056c4e37d95cdee809f535000bb37b9c8d956ab0410c98a6f4a8fab4f47f

SHA512
ce7225a304c5935fa3fdab2e736d9738651ed0fa6f4503bb65deaee022bc03c3033170d53adc2c1a77c88904ea14a9603519b87990f04e47885209a53c893056

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2VU64WB7\vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_stacktrace-pa-a71630-67856ad29bae[1].js

Filesize
12KB

MD5
b984696210a2c3f1453aa68bc3968cfc

SHA1
cee0b717b546322023326c967463cb85c1ee3e72

SHA256
b1a8eae7c45252f27bb068d7db3d9ecc7c493cc746f05523ae86a71c766e7eda

SHA512
67856ad29bae3587bf500a15af63375a25b83bb3fd3dea57dfb135c720e4885014eaffb6065f991844d8f09b0cb2606266537068cba0d90c10d3f0b0ce378a7a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I05T464A\code-5fa7b9088c7e[1].css

Filesize
28KB

MD5
3d3d5cfa1c6cb53a996a6f1b8828fccb

SHA1
6b894d496e88bc5623d56b419f8b37e12eba88bc

SHA256
184feefeefe33ded252d65bf7cb6b73b16bfeaa175a5a061a37fc3b5375411ea

SHA512
5fa7b9088c7eaa47f3891c887eede00a6d5665e11d63fb5456d9353323ecc936bafc30df73711c403f9ff895b7888dc746df4c6e84e34bb3f5ec577db4cddce9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I05T464A\ng2-raider[1].htm

Filesize
299KB

MD5
e1aae86d87ed6dc0979262dda7f3e923

SHA1
9b5b6b36e4eea17b18df89ade7173c9b3779e068

SHA256
2503b0cab31b067e487ec5ee712ba581df0dcc64fabd32e24215c15178ade79c

SHA512
776248a6c37d5bb5844acbad52b6867b5a2b7e41ca567b8f30af976587e30dc5dcc142393f06f731d27291f20b26ea355bf3f37c238c1c2cb7731404dbfd72b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O7BCDYTA\repository-0f7cf89e325a[1].css

Filesize
29KB

MD5
1680289ab5dba7c7d2f122630b9c820b

SHA1
d24856e6233eb9a45e9b60e822c6dd92f32efa40

SHA256
81488a04cf8146db85d91c58695d5147a7a02d6ac61210d83decf90fe5ac9247

SHA512
0f7cf89e325a36d5dad6762760cd27d42e2b00c2adde6c5916a1872e536ad2eb02ddc58b4e5e67fdcde705677429cc8c353a8669bf0c4cb678b9053530716b0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
281B

MD5
800e09a7c1e1c34f005969e27a41c30b

SHA1
6787b33fefb90d17cef9dd25a0c7dc3f64a5552f

SHA256
8a21e02070b91dedf2a7e5761c196f32e469862ee1fb5efa65342410d65ab342

SHA512
efadc02837b1665a5c1744888b74f1d9f3c9a3be59b5155da2b49e166ac9ce882ef5b709d4cb716f2fdf42c9450d7158acfb2b0e488ed7c1c6ff2cbf15581d27

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
25c54fab7220ecfc73a988bf72d56cca

SHA1
5f0f0a726613fbd50006545ddde92110b971d614

SHA256
1bb22f0189b4f8002ce72f04ace06dbde14f8b6feded81e8c239faebdf11f513

SHA512
9f1c882105d0cfd2cfd3b1fd0b166d592ac2248c4d1322d85cf2b1d3c4b41c184a7312f0a0759e67c597829d9613a67595c89ff5320137dc89a77bc1dc639af0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
9f3e8c2907cd62e912e00b6140bad286

SHA1
dd0af1509676dd3e9e41a80c605e9a79002ac547

SHA256
1fe2e880f935d802ca1ae4e5fcb0fd12ab600193d8400527a7a7079e6833ceba

SHA512
fb8d0e264d0b430be3a34dd910bf8d04485543bff0855b704ce6ee4be168553d4dc38397770b7c4e8eb9033dadfdea4d538f7743719fd763b35e2f35fdc08c7b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
480B

MD5
1c7f40c80b5d899a19c34e28c6d91a27

SHA1
11d8b1ff3e7751b2a20842600f61be0e51a86fdf

SHA256
285face816fb3df12d97ed9f627ab25ba59a738f300106c8c4f0cd71047e6dc1

SHA512
04c3a684d7d5b22695aaf32e7899d649054ef1d94e7fe28f92f859aa2ead080a612582becdc542afb0ebcdf54f93c2af04be2a71687a66137a12cdea405fa313

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
861aa9b3e0b2fb49ee105bf9f14e9fd3

SHA1
8169d3eca9061d17c8cf146d20b2a11a2570cf0f

SHA256
f0247c4be82511d5f270b233bae4bb0bc22e10d18043b6ad236de586072d52a7

SHA512
fef7e511d807d871dbe6380f07350884d877efd8c12933e0cf430a80ddc8e06ef1655b05c4064bf5539ab47a1d7ad5381aac9b36a1f46c17c1568dc847f90805

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
6198bdc799b8704274e411ad5a866564

SHA1
96fa10e19db8624bc957a13d93ca6e668356cfa7

SHA256
a53967f404259d3dc5b93a297c309f7cf630bac284f4179ad30e79a1f25909e9

SHA512
25ebafbbbaa0cdc5e5dccf136a2fc2817981672220398e0ee73ed1fd0e5706c7779832b3d88eac85c419c5deeb8a9af474433bdd2ef12e98791a92168bb35114

Download Submit
memory/596-16-0x0000020C14620000-0x0000020C14630000-memory.dmp

Filesize
64KB

Download
memory/596-35-0x0000020C13660000-0x0000020C13662000-memory.dmp

Filesize
8KB

Download
memory/596-1-0x0000020C14530000-0x0000020C14540000-memory.dmp

Filesize
64KB

Download
memory/1060-44-0x0000026311300000-0x0000026311400000-memory.dmp

Filesize
1024KB

Download
memory/1060-42-0x0000026311300000-0x0000026311400000-memory.dmp

Filesize
1024KB

Download
memory/2880-63-0x0000021BCE500000-0x0000021BCE600000-memory.dmp

Filesize
1024KB

Download
memory/5116-215-0x000001B9DF340000-0x000001B9DF440000-memory.dmp

Filesize
1024KB

Download