nanocore | hxxps://cdn[.]discordapp[.]com/attachments/1228008626753372180/1248329617203527851/stub_safety[.]zip?ex=6704c4cd&is=6703734d&hm=107dffaba4b0aa177a50b58efc0b0ab89a5618e6c913d379d0e189c354712082&

Analysis

max time kernel
142s
max time network
147s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07-10-2024 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1228008626753372180/1248329617203527851/stub_safety.zip?ex=6704c4cd&is=6703734d&hm=107dffaba4b0aa177a50b58efc0b0ab89a5618e6c913d379d0e189c354712082&

Score

10^/10

nanocore discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

stub_safety.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	stub_safety.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

stub_safety.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	stub_safety.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	stub_safety.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

stub_safety.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DHCP Service = "C:\\Program Files (x86)\\DHCP Service\\dhcpsv.exe"	stub_safety.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

stub_safety.exe

pid	Process
5808	stub_safety.exe

Drops file in Program Files directory 1 IoCs

Processes:

stub_safety.exe

description	ioc	Process
File created	C:\Program Files (x86)\DHCP Service\dhcpsv.exe	stub_safety.exe

Drops file in Windows directory 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

stub_safety.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stub_safety.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 20f99386ea18db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\OneBoxLoadAttempts = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "435087272"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "233"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "434467813"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f63fa722b818db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = d0e1113eb818db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = b0f8b45b0f23db01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6392183cb818db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000078e369835ad4bc40aa4d69e3adfda337b899a3e18ec1459d17566cf4857401ec408597fc010f85d9b43d9df8f82aa8d94810a807cde32bd9adac	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "648"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe

NTFS ADS 1 IoCs

Processes:

browser_broker.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\stub_safety.zip.co0wxw0.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

stub_safety.exe

pid	Process
5808	stub_safety.exe
5808	stub_safety.exe
5808	stub_safety.exe
5808	stub_safety.exe
5808	stub_safety.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

stub_safety.exe

pid	Process
5808	stub_safety.exe

Suspicious behavior: MapViewOfSection 9 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	Process
308	MicrosoftEdgeCP.exe
308	MicrosoftEdgeCP.exe
308	MicrosoftEdgeCP.exe
308	MicrosoftEdgeCP.exe
308	MicrosoftEdgeCP.exe
308	MicrosoftEdgeCP.exe
308	MicrosoftEdgeCP.exe
308	MicrosoftEdgeCP.exe
308	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exestub_safety.exe

description	pid	Process
Token: SeDebugPrivilege	4332	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4332	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4332	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4332	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3616	MicrosoftEdge.exe
Token: SeDebugPrivilege	3616	MicrosoftEdge.exe
Token: SeDebugPrivilege	5808	stub_safety.exe
Token: SeDebugPrivilege	5808	stub_safety.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid	Process
3616	MicrosoftEdge.exe
308	MicrosoftEdgeCP.exe
4332	MicrosoftEdgeCP.exe
308	MicrosoftEdgeCP.exe
4524	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 33 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	Process	procid_target
PID 308 wrote to memory of 664	308	MicrosoftEdgeCP.exe	79
PID 308 wrote to memory of 664	308	MicrosoftEdgeCP.exe	79
PID 308 wrote to memory of 664	308	MicrosoftEdgeCP.exe	79
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 2168	308	MicrosoftEdgeCP.exe	80
PID 308 wrote to memory of 664	308	MicrosoftEdgeCP.exe	79
PID 308 wrote to memory of 664	308	MicrosoftEdgeCP.exe	79
PID 308 wrote to memory of 664	308	MicrosoftEdgeCP.exe	79
PID 308 wrote to memory of 664	308	MicrosoftEdgeCP.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://cdn.discordapp.com/attachments/1228008626753372180/1248329617203527851/stub_safety.zip?ex=6704c4cd&is=6703734d&hm=107dffaba4b0aa177a50b58efc0b0ab89a5618e6c913d379d0e189c354712082&"
1⤵
PID:500

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3616

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- NTFS ADS
PID:360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4332

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:664

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2168

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4524

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1324

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Temp1_stub_safety.zip\stub_safety.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_stub_safety.zip\stub_safety.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\6mZmj1db42G_jniFgdT7MCvBgyA.br[1].js

Filesize
667B

MD5
2ab12bf4a9e00a1f96849ebb31e03d48

SHA1
7214619173c4ec069be1ff00dd61092fd2981af0

SHA256
f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac

SHA512
7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\8LIV7VPMYjV_ya4Ggnu8LBWQIQQ.br[1].js

Filesize
1KB

MD5
d81844c2ebcf5f3260a692e3e89dde7f

SHA1
5a3874fb9f597e42fdd94e5bc5da0a709b70d57a

SHA256
9905f086f3f40ac4b8ec2c9f0752a157ed637b2ffc2c87971e8306d6cb12fe9f

SHA512
8005f3ebd5bc8dc903917df581563595ea3e427f31992260aa4e6ed8bc30095442174ad153a83c378575ffb2de878338b0e87d8cdd57dfdc49e646ca9e4ada77

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\910ptS3pcIDQ7a5acMaHuQliuN0.br[1].js

Filesize
1KB

MD5
8898a2f705976d9be01f35a493f9a98f

SHA1
bc69bec33a98575d55fefae8883c8bb636061007

SHA256
5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108

SHA512
c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js

Filesize
1KB

MD5
56afa9b2c4ead188d1dd95650816419b

SHA1
c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6

SHA256
e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b

SHA512
d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\9xGNA8UskvA9WHF58zbLOHZ5HvI.br[1].js

Filesize
511B

MD5
d6741608ba48e400a406aca7f3464765

SHA1
8961ca85ad82bb701436ffc64642833cfbaff303

SHA256
b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c

SHA512
e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br[1].js

Filesize
888B

MD5
f1cf1909716ce3da53172898bb780024

SHA1
d8d34904e511b1c9aae1565ba10ccd045c940333

SHA256
9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01

SHA512
8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\UftfQbYuKvGGEUHPU3QGHYd90Z8.br[1].js

Filesize
674B

MD5
8d078e26c28e9c85885f8a362cb80db9

SHA1
f486b2745e4637d881422d38c7780c041618168a

SHA256
0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461

SHA512
b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br[1].js

Filesize
576B

MD5
f5712e664873fde8ee9044f693cd2db7

SHA1
2a30817f3b99e3be735f4f85bb66dd5edf6a89f4

SHA256
1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2

SHA512
ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\_2I169N92jVtSc_VEsV0nma5sRY.br[1].js

Filesize
622B

MD5
3104955279e1bbbdb4ae5a0e077c5a74

SHA1
ba10a722fff1877c3379dee7b5f028d467ffd6cf

SHA256
a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1

SHA512
6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\a224OTR91R7nhnUp3RpvwJI8dVU.br[1].js

Filesize
19KB

MD5
5cd7e9ec89646c664e189ca7bb2a9841

SHA1
c662dd49f63a3a8c8d6f1ae4309fabb0965a9797

SHA256
ad87e00ca1f7a028f7f972199ce9b2b978306c5048ef90802f08bc17ea90a9ed

SHA512
dcf14925578a125109054b471a7006a41c98fef2843dcd4dbd9bd8ffdb4c0802488ed98cf0bd9863a7cff48c32c1be73c56097452ff4482d64d7e42b12a09e0f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\iY8PAEydb3lbGfuJiuA9ICzXgY8.br[1].js

Filesize
918B

MD5
341fc0acd15df6d8a064e4c3a896f65d

SHA1
1258fd48a874d80cb635be454f9e4023a0df7c49

SHA256
4bc6635d4d95f9c05a91904b19370a40cc6e4c2ab43661c00615eddadefcf9eb

SHA512
6b552d786e782c36f17bee1a6ae204f1e8c9f85be5eb9adac1793d60b537cad13228cb2d4299949f051e6bc364c2e5a4105de9bbf2885f492edb425cb14ce982

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\mOy7YpeLJ3c40BBAFNUI6SmOUTY.br[1].js

Filesize
1KB

MD5
16050baaf39976a33ac9f854d5efdb32

SHA1
94725020efa7d3ee8faed2b7dffc5a4106363b5e

SHA256
039e6b3df1d67341fb8e4a3815f0d1bb3292a2040334ceb9cfc4a8d6abf2fb55

SHA512
cf0d54f0368ffbc6908216fd2573df8f5fe4c34ac08e17301b8734b3fabc674672a7f456707f632f82f44b36812dad8a0cf81a51d5cea21ea7f0e18500298375

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\t7vjQF3Su3ZV-EkXGBcNcV5x97o.br[1].js

Filesize
6KB

MD5
6904aba1ce02bb3a01b6550c4bf98a7e

SHA1
858127221daf72534247d665be661a175fad6dd6

SHA256
4492b7ef7f9e30168d8f6410ff6928fcc3019618019116f82b25459b9267b038

SHA512
ebd259047bcded6f925c3184a27d0d197d48b0ee3ebc2c12a27a2c9843b08c551d6dc34c299cd6e4931446f33c1d6bff3f8cdeb018fb6c614671cf43b6497585

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\xvEz2IbMlyghPZ3oNAHr9N-xMOA.br[1].js

Filesize
6KB

MD5
dc221228e109f89b8b10c48f2678fb46

SHA1
1bfc85cba5c424136941ac1dfd779a563b5beed4

SHA256
f4fb7234959f48c2b2ca73fd6c35d36eaf65d8c431d982a1ba208f5cdc766419

SHA512
46f49e5ac18436251778d1f50c027729a2442ed6541c3162d878720703e37797b6028d96eb1568c23ec5006fb022c8e05855e250d6a1a590f41e890866529cd2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1H4GWXZX\zlfm-hC70pZAs62UVTTl3KShKOE.br[1].js

Filesize
838B

MD5
8c8b189422c448709ea6bd43ee898afb

SHA1
a4d6a99231d951f37d951bd8356d9d17664bf447

SHA256
567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff

SHA512
6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\8CgcSSLayxEVUBf0swP_bQGMId8.br[1].js

Filesize
226B

MD5
a5363c37b617d36dfd6d25bfb89ca56b

SHA1
31682afce628850b8cb31faa8e9c4c5ec9ebb957

SHA256
8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f

SHA512
e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\8w26ODmd1hk4C30WJtfkdBYFSfE.br[1].js

Filesize
574B

MD5
072d0f8c7fdb7655402fb9c592d66e18

SHA1
2e013e24ef2443215c6b184e9dfe180b7e562848

SHA256
4cd4cc3d07bbacdecb7331bf78fc5353b4b2664b6c81c1c0237136123d8e704a

SHA512
44cecee114212d2901dd13f9200771c708ef6e89b9bdcb75edf898a1e39833aafa4c7f8ebfc2f613d46eeea35222a1dfee3671a1b42679a94beaec099164f009

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\AsdMf7D6KLdP5SQOeuSIZtV8-sA.br[1].js

Filesize
4KB

MD5
43b58b6b14b60581457ef8a405721626

SHA1
fa9da729b92847cc05ad81625b5667f299b75c08

SHA256
cef3b449403a4725a3866768f730e13f1bddec067cc67f306f023de2815a2789

SHA512
4c22ec83b8a81e0716c4ea9c643cfb4c4f9256447a114b7b0e05c0b38bc073f4a0538e2a385e963b3e2634ef34f66050ac2c36801772a345670409be8fd2e829

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js

Filesize
883B

MD5
fd88c51edb7fcfe4f8d0aa2763cebe4a

SHA1
18891af14c4c483baa6cb35c985c6debab2d9c8a

SHA256
51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699

SHA512
ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\K_V1CARn2Q2lTs5njJKUvUkHyi4.br[1].js

Filesize
242B

MD5
6c2c6db3832d53062d303cdff5e2bd30

SHA1
b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d

SHA256
06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70

SHA512
bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\Yb-MiHwFpZo4XYbuuNLKCnyhd1M.gz[1].css

Filesize
715B

MD5
aca7b62ef304e4e17941914622bf3a91

SHA1
0d66f41d9084a43dd339dfa584d0c44fc3c438e3

SHA256
a4579184b85367432ce944bc8652024345ba631b3e16bcf6330a9be1c45c1591

SHA512
7bf21542a5b092d32ed1bee229447baecdb9c2e9bdc4ec7f6cd7101f84ce67039e2142ac6413b9a231a77a427e8959b99edbd2445c293af54c0135c7c303c344

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js

Filesize
2KB

MD5
fb797698ef041dd693aee90fb9c13c7e

SHA1
394194f8dd058927314d41e065961b476084f724

SHA256
795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da

SHA512
e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\gKwIRAF4fg7noG1zyeUz8x3Jdhc.br[1].js

Filesize
924B

MD5
47442e8d5838baaa640a856f98e40dc6

SHA1
54c60cad77926723975b92d09fe79d7beff58d99

SHA256
15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e

SHA512
87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\n21aGRCN5EKHB3qObygw029dyNU.br[1].js

Filesize
1KB

MD5
cb027ba6eb6dd3f033c02183b9423995

SHA1
368e7121931587d29d988e1b8cb0fda785e5d18b

SHA256
04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f

SHA512
6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js

Filesize
606B

MD5
0c2672dc05a52fbfb8e3bc70271619c2

SHA1
9ede9ad59479db4badb0ba19992620c3174e3e02

SHA256
54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39

SHA512
dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\stub_safety[1].zip

Filesize
3.4MB

MD5
a6c11b0e8033704b6764427f091b9c02

SHA1
d78e75d06f4bc87aca7cf76d48a6d48ddb7c3c56

SHA256
f628c99a2cec840448ecafacec237ac18dea746fbc0a5f05c05e233af73865e3

SHA512
03d4ebaeee536479cc441f44910a3e8aa250a0cbdae9370cf03ab23e1294bb093a46517521a81dbcb950e9b2ca54239267911b3441d11f81bf2ff87670c411fc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\th[1].png

Filesize
616B

MD5
63343141c64682bd3e0f711730475354

SHA1
a2a7298e8f58a74292885bae9a3f44c76c7aa945

SHA256
f90e661a7731c97e3478027d07afd8c86e461c5f379932e15efad17d0e96d402

SHA512
17f7f14b0c929164283d5fd7bc829d907b923bb12a7b9d6124a6aac64eb79aaa47163583acca91fc71047bb7bb707d649407801c8762d8942a44531da9559edf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js

Filesize
1KB

MD5
45345f7e8380393ca0c539ae4cfe32bd

SHA1
292d5f4b184b3ff7178489c01249f37f5ca395a7

SHA256
3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9

SHA512
2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\x12uI8Q-OP_G0YUbMcEKo8IIlH4.br[1].css

Filesize
50KB

MD5
319f554ab214ed6702d5d2894dbab0f6

SHA1
85066a911732ea9aa94ea23d1422f17446e1f6a4

SHA256
68662add453f7d4ac4220d76deb9507c9635890e2323299fd659dc613af0934d

SHA512
6969b054dbdcca749acbb693e3c07007b43e4199134996a939e4b3084a9797355c599cf04d1f008aff23a784a0e888dcea1fe54456863da6f21f5a4aba524dbb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\y1tiMssL1_ZRGIkBjxDYmR2kX8o.br[1].js

Filesize
198B

MD5
e3c4a4463b9c8d7dd23e2bc4a7605f2b

SHA1
d149907e36943abb1a4f1e1889a3e70e9348707b

SHA256
cfb7fa1c682c6eee2b763b37e002022463cd6435434a16f6335f33fb98f994a6

SHA512
3a4e38e4c631d8e845edbc01c986f73b0368f8049beea7a3e8a34bdd5864c34103a48b19749c11b5bcc71fdaa672ef6c42e305e1cc6b37abea934766f3deb068

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\yZjAz6-B4hIBhJ6D3nAyY_Ebn44.br[1].js

Filesize
357B

MD5
2df9793cf020a37c88178be84311427a

SHA1
29cfe86239722d4f4af07c494d676092896a8600

SHA256
a69d257eee41e843881d548d2e4ee5a0727b889ab22bffdaa8ed1074e802bcc6

SHA512
e9a35ec1e466feb3e273fb991a3282ba1c45fd0eacea956e9821914cc4261377684b062bde888ebf5767bbc055db191dc14e00af8037b5607449c06e5d2dd082

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\ydDuUFvQrnTEDpvE14Ya7abrPGk.br[1].js

Filesize
1KB

MD5
d807dbbb6ee3a78027dc7075e0b593ff

SHA1
27109cd41f6b1f2084c81b5d375ea811e51ac567

SHA256
0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7

SHA512
e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\5L3iD467J3iJWEPwIjxlK0MMDpY.br[1].js

Filesize
1KB

MD5
2ef3074238b080b648e9a10429d67405

SHA1
15d57873ff98195c57e34fc778accc41c21172e7

SHA256
e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da

SHA512
c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\9cuwOQ_qE7qTGKohzrf_gIjTlPI.br[1].js

Filesize
3KB

MD5
fabb77c7ae3fd2271f5909155fb490e5

SHA1
cde0b1304b558b6de7503d559c92014644736f88

SHA256
e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c

SHA512
cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\Gw7eETSwe7GHmKwW1lRqGPQJXRo.br[1].js

Filesize
2KB

MD5
17cdab99027114dbcbd9d573c5b7a8a9

SHA1
42d65caae34eba7a051342b24972665e61fa6ae2

SHA256
5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de

SHA512
1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\Gyuq2bqitqDJM0BeAkbKXGlQXNw.br[1].js

Filesize
1KB

MD5
a969230a51dba5ab5adf5877bcc28cfa

SHA1
7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265

SHA256
8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f

SHA512
f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\K3hC1_cQXGFr6cxRJVWYpzZJaAM.br[1].js

Filesize
891B

MD5
02b0b245d09dc56bbe4f1a9f1425ac35

SHA1
868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673

SHA256
62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6

SHA512
cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\awRIKLY04rWw5wNlVL186SolQSo.br[1].js

Filesize
33KB

MD5
e4fb9b839186660b1f729b8df8c994b4

SHA1
931792cd70ced4ad586f6329c30c294ebea1548e

SHA256
6838611c8ab6539005e11c84ca308158f89a51db57a62caf21faab48bf576177

SHA512
625436bb52cbd7df7ed03be05fea52c5d54b6cc15037d70c268d9598e648a22246db902b9c6f097ba8b18bd924f6ab17120736285d54dce13773237f1669853a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\g2mFaePdYzQOubI8JEItbebrED8.gz[1].css

Filesize
824B

MD5
6d94f94bfb17721a8da8b53731eb0601

SHA1
ae540db8d146e17cfc3d09d46b31bd16b3308a6d

SHA256
21829c74fce2c9bbbb3099a7a487de71465ed712410c32bc6c69884db07a90dd

SHA512
bf33fb4858b56f888108bcd5c2691613b68715e260e59c1e37a050a709be04a8e0eaf5509667183a0d51f1201e58c02df4f744a0772242ee5b61595c44c072e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js

Filesize
824B

MD5
3ff8eecb7a6996c1056bbe9d4dde50b4

SHA1
fdc4d52301d187042d0a2f136ceef2c005dcbb8b

SHA256
01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163

SHA512
49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\o7B3FK6ymEOn7sBfZSmifVTwxPk[1].css

Filesize
6B

MD5
77373397a17bd1987dfca2e68d022ecf

SHA1
1294758879506eff3a54aac8d2b59df17b831978

SHA256
a319af2e953e7afda681b85a62f629a5c37344af47d2fcd23ab45e1d99497f13

SHA512
a177f5c25182c62211891786a8f78b2a1caec078c512fc39600809c22b41477c1e8b7a3cf90c88bbbe6869ea5411dd1343cad9a23c6ce1502c439a6d1779ea1b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WN3ARXN2\psgXZvzYJMEW2ydikIk493Va1d4.br[1].js

Filesize
1KB

MD5
f4da106e481b3e221792289864c2d02a

SHA1
d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994

SHA256
47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9

SHA512
66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZKJ93ENO\x6CS8glKlDAxrUISUqfsWELwuk8.gz[1].js

Filesize
10KB

MD5
a11c94339eeee97cb5970f1e67d968c8

SHA1
67ec6b6f0883da56cce10a9d704718a2e1879f81

SHA256
075448f2e460e6e3e64ef93c8aa1291710123c60bbaeeaa3677e9b5630a472ab

SHA512
6dbe79f332d83ad6edf5927ed8a1882d24903a1cf6afed53b1c313b2694faa247638f8e704f0ebabc89aaae61cb0d76cff43fd1803515fec8b36db8dd1f816ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\CE6OL3GU\www.bing[1].xml

Filesize
1KB

MD5
d2fe841c0f48dca08697d9e61f5a903f

SHA1
eafbf537fff6321f62c8a72174475e0c935aecd6

SHA256
fc72fe09074b9bc874f5afb79560b7690eb6d7bb066d7ac6c32761ac727e15c8

SHA512
73872cfab56c7666c07db85d8d913169a58af9d0f0ba668c721a41083e24edc3d2e63e1c674e8d3c22768ed8a73543b4587b13c92e67efef29410df5d9d8f4dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2X206TA8\favicon-trans-bg-000-mg[1].ico

Filesize
4KB

MD5
5879b2763fc53367a29f1e64721976db

SHA1
edee687feb0438fbb4fdf6e0b9bc941f2a0c464d

SHA256
b5f794efdee46f6e8759441cfb2bdc36640f50e47cad9f11cea18bed48e6c43b

SHA512
6b04809dad6d927b7c9fe0d674b8e14c9bb374ea069558e53468e33da76be44c8de6221f90f719462bcea90bec1a90ece58a706e440229ec78d81ba9063ad0f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2X206TA8\favicon[1].svg

Filesize
221B

MD5
245b6f249b722cdeb1d29455e7781fa4

SHA1
6364f43aa6225e642c1b7001cd436f2aa50c92d9

SHA256
f0d88cf32c5ee0030df2abb579468878f3fb8472e18ad74dfd1e5bf99d54351d

SHA512
13b2f5b48c151220835c136d838ca2f3256692d93c609d75415b58ff98a60e29b890f5bc142d1febaee599ddf3dbc9298f6ceabd596b8e844d2f5ddff4566b72

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QE6ZHUW3\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WX2JLRZY\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WX2JLRZY\favicon[2].ico

Filesize
1KB

MD5
0e4715af1205ce06ff57ce9d076d32d6

SHA1
a755af5816f39d6a3a95ef84a05ba6e8bed1e525

SHA256
39a6ce45d727a3267760a5c9d9af63cd4c9ebae4b64f6cff47ecb5a6b3dd0b2e

SHA512
2ec2933f0603e2d4a22650609231d1fd5d71b4cf81ee38300b3c8b875c813a479b5f17634183d66f5af8705dbba3d5964ff4cc55973b54b75c333f654bfa0c68

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF9A54CC690F783F3C.TMP

Filesize
24KB

MD5
d3cdb7663712ddb6ef5056c72fe69e86

SHA1
f08bf69934fb2b9ca0aba287c96abe145a69366c

SHA256
3e8c2095986b262ac8fccfabda2d021fc0d3504275e83cffe1f0a333f9efbe15

SHA512
c0acd65db7098a55dae0730eb1dcd8aa94e95a71f39dd40b087be0b06afc5d1bb310f555781853b5a78a8803dba0fb44df44bd2bb14baeca29c7c7410dffc812

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T918P7WY\stub_safety[1].zip

Filesize
92KB

MD5
c77b16a5e391249f282b7d91bc586d6a

SHA1
29e2e64e40ca1fc2c72ccfa468a0be3e82891b7f

SHA256
eebb39b482e21f68f5a102b2104a5b322d55e3bc0a8d5aa88eefa4dbff26d826

SHA512
1e3ec751715a8ef9699e385f6f0700262fe90e8d1343c01b6e3d7d075dfa69c749076495971aba6abc005cdcdf7083523494ea15a6b25fbc4b5abb8688ee1e35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
313B

MD5
476f325468f43aa0857a4b3bbd8dee89

SHA1
4d1ca308b10aac8e322c6539bfa323c40e14dbb0

SHA256
21ab5dfc61ea58a61bcdd21da6d1875bf5e17bd599b1c70195395e1c7bde7d4e

SHA512
6bcd83dc3f4e6c4c29f314f0414d349277c1f01d1b6b59d07e9ddac22ab302886dea9e60ce5261790d0be2fb824f0f1a1abc2332bab19279f0bed3219e546ae1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
f48406c9c6961438bddee678f418e27b

SHA1
9c2c61e7258dd7b5d94b7c9ef8b093692b82356a

SHA256
efd0daacac97fc7ee1fb70fb02c51a35f579b93f09b60d6452f3ae62e039f12f

SHA512
8ba1251db6648eb44b3845e1037653daf537230499d032aa9d0d60c34beae911854bbe52e2929d2197b5f745e0b0671312576eb4ad47369822052d0b75c1a6d7

Download Submit
memory/664-62-0x000001BBCFC50000-0x000001BBCFC52000-memory.dmp

Filesize
8KB

Download
memory/664-65-0x000001BBCFC80000-0x000001BBCFC82000-memory.dmp

Filesize
8KB

Download
memory/664-67-0x000001BBCFCA0000-0x000001BBCFCA2000-memory.dmp

Filesize
8KB

Download
memory/664-58-0x000001BBBFA80000-0x000001BBBFB80000-memory.dmp

Filesize
1024KB

Download
memory/2168-76-0x000002EF9D700000-0x000002EF9D800000-memory.dmp

Filesize
1024KB

Download
memory/2168-392-0x000002EFADF50000-0x000002EFADF70000-memory.dmp

Filesize
128KB

Download
memory/2168-426-0x000002EFAF0E0000-0x000002EFAF0E2000-memory.dmp

Filesize
8KB

Download
memory/2168-519-0x000002E79B7E0000-0x000002E79B8E0000-memory.dmp

Filesize
1024KB

Download
memory/2168-509-0x000002EFADE60000-0x000002EFADE62000-memory.dmp

Filesize
8KB

Download
memory/2168-418-0x000002EFAE7F0000-0x000002EFAE7F2000-memory.dmp

Filesize
8KB

Download
memory/2168-517-0x000002EFAF9A0000-0x000002EFAFAA0000-memory.dmp

Filesize
1024KB

Download
memory/2168-420-0x000002EFAE9F0000-0x000002EFAE9F2000-memory.dmp

Filesize
8KB

Download
memory/2168-1001-0x000002EFB0F60000-0x000002EFB1060000-memory.dmp

Filesize
1024KB

Download
memory/2168-428-0x000002EFAF4B0000-0x000002EFAF4B2000-memory.dmp

Filesize
8KB

Download
memory/3616-0-0x0000022F13C20000-0x0000022F13C30000-memory.dmp

Filesize
64KB

Download
memory/3616-35-0x0000022F112C0000-0x0000022F112C2000-memory.dmp

Filesize
8KB

Download
memory/3616-16-0x0000022F13D20000-0x0000022F13D30000-memory.dmp

Filesize
64KB

Download
memory/4332-45-0x000001B115500000-0x000001B115600000-memory.dmp

Filesize
1024KB

Download
memory/4332-43-0x000001B115500000-0x000001B115600000-memory.dmp

Filesize
1024KB

Download
memory/4524-290-0x000001F5BB0A0000-0x000001F5BB0C0000-memory.dmp

Filesize
128KB

Download
memory/4524-167-0x000001F5BA980000-0x000001F5BA9A0000-memory.dmp

Filesize
128KB

Download
memory/4524-172-0x000001F5BAC10000-0x000001F5BAC30000-memory.dmp

Filesize
128KB

Download
memory/5808-2530-0x0000000000400000-0x0000000000CF8000-memory.dmp

Filesize
9.0MB

Download
memory/5808-2536-0x0000000000400000-0x0000000000CF8000-memory.dmp

Filesize
9.0MB

Download