d53a7858a392b314ef7e63d5d8d2f7fa8b6067dc0b9cc926adf219c0c4c0b768

Analysis

max time kernel
873s
max time network
861s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZOD-master/42.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

8^/10

adware discovery persistence stealer

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	winzip28-bing.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	winzip28-bing.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	winzip28-bing.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	Setup.exe

Executes dropped EXE 44 IoCs

pid	Process
6124	winzip28-bing.exe
3508	winzip28-bing.exe
2784	winzip28-bing.exe
532	winzip28-bing.exe
4720	winzip28-bing.exe
2356	winzip28-bing.exe
5416	MicrosoftEdgeWebview2Setup.exe
836	MicrosoftEdgeUpdate.exe
1064	MicrosoftEdgeUpdate.exe
4264	MicrosoftEdgeUpdate.exe
1928	MicrosoftEdgeUpdateComRegisterShell64.exe
1496	MicrosoftEdgeUpdateComRegisterShell64.exe
4036	MicrosoftEdgeUpdateComRegisterShell64.exe
5992	MicrosoftEdgeUpdate.exe
2980	MicrosoftEdgeUpdate.exe
5220	MicrosoftEdgeUpdate.exe
980	MicrosoftEdgeUpdate.exe
2260	MicrosoftEdge_X64_122.0.2365.80.exe
5316	setup.exe
5292	setup.exe
2668	MicrosoftEdgeUpdate.exe
5520	winzip28-bing.exe
4964	winzip28-bing.exe
1628	Setup.exe
1124	Setup.exe
6808	Setup.exe
7056	MicrosoftEdgeUpdate.exe
7092	MicrosoftEdgeUpdate.exe
6292	BGAUpdate.exe
2220	MicrosoftEdgeUpdate.exe
5496	MicrosoftEdgeUpdate.exe
4992	MicrosoftEdge_X64_122.0.2365.80.exe
632	setup.exe
6728	setup.exe
5604	setup.exe
7048	setup.exe
404	MicrosoftEdgeUpdate.exe
7088	elevation_service.exe
2788	setup.exe
468	setup.exe
7436	setup.exe
7724	setup.exe
7760	setup.exe
7832	setup.exe

Loads dropped DLL 48 IoCs

pid	Process
836	MicrosoftEdgeUpdate.exe
1064	MicrosoftEdgeUpdate.exe
4264	MicrosoftEdgeUpdate.exe
1928	MicrosoftEdgeUpdateComRegisterShell64.exe
4264	MicrosoftEdgeUpdate.exe
1496	MicrosoftEdgeUpdateComRegisterShell64.exe
4264	MicrosoftEdgeUpdate.exe
4036	MicrosoftEdgeUpdateComRegisterShell64.exe
4264	MicrosoftEdgeUpdate.exe
5992	MicrosoftEdgeUpdate.exe
2980	MicrosoftEdgeUpdate.exe
5220	MicrosoftEdgeUpdate.exe
5220	MicrosoftEdgeUpdate.exe
2980	MicrosoftEdgeUpdate.exe
980	MicrosoftEdgeUpdate.exe
2668	MicrosoftEdgeUpdate.exe
1628	Setup.exe
1124	Setup.exe
1628	Setup.exe
1124	Setup.exe
1628	Setup.exe
1124	Setup.exe
1124	Setup.exe
1124	Setup.exe
1124	Setup.exe
1628	Setup.exe
1628	Setup.exe
6808	Setup.exe
6808	Setup.exe
6808	Setup.exe
6808	Setup.exe
6808	Setup.exe
7056	MicrosoftEdgeUpdate.exe
7092	MicrosoftEdgeUpdate.exe
7092	MicrosoftEdgeUpdate.exe
7056	MicrosoftEdgeUpdate.exe
6808	Setup.exe
1628	Setup.exe
1628	Setup.exe
1628	Setup.exe
1628	Setup.exe
1628	Setup.exe
1628	Setup.exe
1124	Setup.exe
2220	MicrosoftEdgeUpdate.exe
5496	MicrosoftEdgeUpdate.exe
5496	MicrosoftEdgeUpdate.exe
404	MicrosoftEdgeUpdate.exe

Registers COM server for autorun 1 TTPs 49 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\PdfPreview\\PdfPreviewHandler.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\EBWebView\\x64\\EmbeddedBrowserWebView.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\BHO\\ie_to_edge_bho_64.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\notification_click_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\notification_click_helper.exe\""	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=8EDECDD0544E482699D36AD368BBDFBF"	BGAUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe

Checks system information in the registry 2 TTPs 20 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	BGAUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	BGAUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content	BGAUpdate.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData	BGAUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE	BGAUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE	BGAUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	BGAUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	BGAUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft	BGAUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache	BGAUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\tt.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\VisualElements\SmallLogoDev.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\mojo_core.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\show_third_party_software_licenses.bat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\msedgewebview2.exe.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\onramp.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Trust Protection Lists\Sigma\Analytics	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Locales\ko.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\nn.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\122.0.2365.80\MicrosoftEdge_X64_122.0.2365.80.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\msedge_proxy.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\Locales\nl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Locales\sr-Cyrl-BA.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\delegatedWebFeatures.sccd	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\WidevineCdm\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Locales\nn.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\sr-Latn-RS.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\BHO\ie_to_edge_stub.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdateres_as.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\ca.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\gd.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\msedge_pwa_launcher.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Locales\sl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\identity_proxy\resources.pri	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\el.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\qu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\NOTICE.TXT	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\he.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\identity_proxy\beta.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\ur.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdateres_sr-Latn-RS.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\az.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\de.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\Locales\en-GB.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\VisualElements\SmallLogo.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Trust Protection Lists\Mu\Analytics	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\identity_proxy\win10\identity_helper.Sparse.Canary.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Notifications\SoftLandingAssetLight.gif	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\VisualElements\SmallLogoCanary.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\vk_swiftshader.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\fi.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Locales\fil.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Notifications\SoftLandingAssetLight.gif	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Locales\it.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d0f82d62-9f31-4785-a248-c485783edd00.tmp	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\dxcompiler.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Trust Protection Lists\Mu\TransparentAdvertisers	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe	MicrosoftEdge_X64_122.0.2365.80.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\Locales\de.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\msedgewebview2.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdateres_pt-PT.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\Trust Protection Lists\Sigma\Staging	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\Locales\fr-CA.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Trust Protection Lists\Mu\TransparentAdvertisers	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\sk.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\VisualElements\LogoCanary.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\ar.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Trust Protection Lists\Mu\Entities	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\it.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\vulkan-1.dll	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1820	532	WerFault.exe	177

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 25 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\122.0.2365.80\\BHO"	setup.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFiles0000 = 43003a005c00500072006f006700720061006d002000460069006c00650073002000280078003800360029005c004d006900630072006f0073006f00660074005c0045006400670065005c004100700070006c00690063006100740069006f006e005c00390032002e0030002e003900300032002e00360037005c006d00730065006400670065005f0065006c0066002e0064006c006c0000000000	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Sequence = "1"	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFilesHash = faea51532a8242f242f97952ada97336bd6ed29777ee6f0f030a2569865e943c	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	BGAUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	BGAUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	BGAUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationCompany = "Microsoft Corporation"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{983A8821-FE45-462A-919F-41A3B80645B2}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{983A8821-FE45-462A-919F-41A3B80645B2}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xml\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ = "Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\ = "IEToEdgeBHO Class"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 918059.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\e5ba620\winzip28-bing.exe\:SmartScreen:$DATA	winzip28-bing.exe
File created	C:\Users\Admin\AppData\Local\Temp\e5ba62f\winzip28-bing.exe\:SmartScreen:$DATA	winzip28-bing.exe
File created	C:\Users\Admin\AppData\Local\Temp\e5bd2ae\winzip28-bing.exe\:SmartScreen:$DATA	winzip28-bing.exe
File created	C:\Users\Admin\AppData\Local\Temp\e5df7e0\winzip28-bing.exe\:SmartScreen:$DATA	winzip28-bing.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 889306.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
5784	msedge.exe
5784	msedge.exe
4780	identity_helper.exe
4780	identity_helper.exe
1200	msedge.exe
1200	msedge.exe
5176	msedge.exe
5176	msedge.exe
5980	msedge.exe
5980	msedge.exe
5980	msedge.exe
5980	msedge.exe
5992	msedge.exe
5992	msedge.exe
836	MicrosoftEdgeUpdate.exe
836	MicrosoftEdgeUpdate.exe
836	MicrosoftEdgeUpdate.exe
836	MicrosoftEdgeUpdate.exe
836	MicrosoftEdgeUpdate.exe
836	MicrosoftEdgeUpdate.exe
544	msedge.exe
544	msedge.exe
1628	Setup.exe
1628	Setup.exe
1628	Setup.exe
1628	Setup.exe
1124	Setup.exe
1124	Setup.exe
1124	Setup.exe
1124	Setup.exe
6808	Setup.exe
6808	Setup.exe
6808	Setup.exe
6808	Setup.exe
7056	MicrosoftEdgeUpdate.exe
7056	MicrosoftEdgeUpdate.exe
7056	MicrosoftEdgeUpdate.exe
7056	MicrosoftEdgeUpdate.exe
1628	Setup.exe
1628	Setup.exe
1628	Setup.exe
1628	Setup.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1056	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	4536	firefox.exe
Token: SeDebugPrivilege	4536	firefox.exe
Token: SeDebugPrivilege	836	MicrosoftEdgeUpdate.exe
Token: SeManageVolumePrivilege	2404	svchost.exe
Token: SeDebugPrivilege	836	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	7056	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	5672	taskmgr.exe
Token: SeSystemProfilePrivilege	5672	taskmgr.exe
Token: SeCreateGlobalPrivilege	5672	taskmgr.exe
Token: 33	5672	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5672	taskmgr.exe
Token: 33	632	setup.exe
Token: SeIncBasePriorityPrivilege	632	setup.exe
Token: SeDebugPrivilege	1056	taskmgr.exe
Token: SeSystemProfilePrivilege	1056	taskmgr.exe
Token: SeCreateGlobalPrivilege	1056	taskmgr.exe
Token: SeDebugPrivilege	5496	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	7784	sdiagnhost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4536	firefox.exe
4536	firefox.exe
4536	firefox.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5784	msedge.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4536	firefox.exe
3732	OpenWith.exe
4720	winzip28-bing.exe
2356	winzip28-bing.exe
5416	MicrosoftEdgeWebview2Setup.exe
836	MicrosoftEdgeUpdate.exe
1064	MicrosoftEdgeUpdate.exe
4264	MicrosoftEdgeUpdate.exe
5992	MicrosoftEdgeUpdate.exe
2980	MicrosoftEdgeUpdate.exe
5592	AcroRd32.exe
5592	AcroRd32.exe
5592	AcroRd32.exe
5592	AcroRd32.exe
5592	AcroRd32.exe
5520	winzip28-bing.exe
4964	winzip28-bing.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 5112 wrote to memory of 4536	5112	firefox.exe	105
PID 4536 wrote to memory of 4540	4536	firefox.exe	106
PID 4536 wrote to memory of 4540	4536	firefox.exe	106
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 3000	4536	firefox.exe	107
PID 4536 wrote to memory of 4428	4536	firefox.exe	108
PID 4536 wrote to memory of 4428	4536	firefox.exe	108
PID 4536 wrote to memory of 4428	4536	firefox.exe	108

System policy modification 1 TTPs 4 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\ZOD-master\42.zip
1⤵
PID:1584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.0.1211291053\1880643702" -parentBuildID 20221007134813 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee7e26c5-7718-4efe-b94d-e20554428ca9} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 2008 208f7aecb58 gpu
    3⤵
    PID:4540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.1.122448918\66492134" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33965736-8ebb-4f5f-acec-21b5bcd969f9} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 2408 208eaee2e58 socket
    3⤵
    - Checks processor information in registry
    PID:3000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.2.849582695\823945672" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3180 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9b230fe-6194-4bea-b078-64309f7cefa0} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 3364 208fb8a6358 tab
    3⤵
    PID:4428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.3.1735553530\1788492606" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {197fa4fd-1da8-45fd-bad8-44ed153005d3} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 3580 208f9eaee58 tab
    3⤵
    PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.4.1512637977\965716832" -childID 3 -isForBrowser -prefsHandle 4492 -prefMapHandle 4488 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f0b0c4c-bd94-4f5c-9a82-88dc2a541a3f} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 1708 208fd49fb58 tab
    3⤵
    PID:4236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.5.1231562033\1959388394" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5124 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9adb108-250a-4e17-b7bb-e95bf03b84c2} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 5108 208fdb7f758 tab
    3⤵
    PID:5172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.6.1551453430\730617475" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {860e2f7a-b254-482d-ab3c-5244e8c570b1} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 5136 208fdb80658 tab
    3⤵
    PID:5180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.7.1990863849\1488034394" -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60ee0e6f-292e-491c-a39d-856a1da4e0ef} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 5440 208fdb80958 tab
    3⤵
    PID:5188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.8.241929634\239974375" -childID 7 -isForBrowser -prefsHandle 5976 -prefMapHandle 5972 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e670c33-db38-4dc6-b070-babbed7d55b9} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 5980 208f785e258 tab
    3⤵
    PID:6080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4536.9.812802400\634341430" -childID 8 -isForBrowser -prefsHandle 2904 -prefMapHandle 5472 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3bbc14-e4ab-4266-8492-40ddc44a8790} 4536 "\\.\pipe\gecko-crash-server-pipe.4536" 1664 208ff2e5258 tab
    3⤵
    PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc13b046f8,0x7ffc13b04708,0x7ffc13b04718
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1436 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7360 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5992
- C:\Users\Admin\Downloads\winzip28-bing.exe
  "C:\Users\Admin\Downloads\winzip28-bing.exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  PID:6124
- - C:\Users\Admin\AppData\Local\Temp\e5ba620\winzip28-bing.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip28-bing.exe"
    3⤵
    - Executes dropped EXE
    PID:2784
- C:\Users\Admin\Downloads\winzip28-bing.exe
  "C:\Users\Admin\Downloads\winzip28-bing.exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  PID:3508
- - C:\Users\Admin\AppData\Local\Temp\e5ba62f\winzip28-bing.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip28-bing.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:532
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 2088
      4⤵
      Program crash
      PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9604 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9760 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=1821D3B4-FC3C-403B-AC71-765075A19C10X&winver=19041&version=fa.1087r&nocache=20240314120237.992&_fcid=1710417729921644
    3⤵
    PID:6388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc13b046f8,0x7ffc13b04708,0x7ffc13b04718
      4⤵
      PID:6372
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:6808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
  2⤵
  PID:6436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:7096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:6500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11140 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10312 /prefetch:1
  2⤵
  PID:6764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8724 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11156 /prefetch:1
  2⤵
  PID:6828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10960 /prefetch:1
  2⤵
  PID:4348
- C:\Windows\system32\msdt.exe
  -modal "786522" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF4F1F.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10800 /prefetch:1
  2⤵
  PID:8116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10824 /prefetch:1
  2⤵
  PID:6624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9468 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11460 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11628 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11668 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10780 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11672 /prefetch:1
  2⤵
  PID:7440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11636 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12244 /prefetch:1
  2⤵
  PID:7448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12384 /prefetch:1
  2⤵
  PID:7456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12500 /prefetch:1
  2⤵
  PID:7464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12600 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12868 /prefetch:1
  2⤵
  PID:7476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12756 /prefetch:1
  2⤵
  PID:7480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13528 /prefetch:1
  2⤵
  PID:7140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12508 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13332 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13988 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14192 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9134575016281774701,13967682328690699142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14220 /prefetch:1
  2⤵
  PID:6392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 532 -ip 532
1⤵
PID:8

C:\Users\Admin\Downloads\winzip28-bing.exe
"C:\Users\Admin\Downloads\winzip28-bing.exe"
1⤵
- Executes dropped EXE
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:4720
- C:\Users\Admin\AppData\Local\Temp\e5bd2ae\winzip28-bing.exe
  run=1 shortcut="C:\Users\Admin\Downloads\winzip28-bing.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    PID:5416
  - - C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\MicrosoftEdgeUpdate.exe" /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Sets file execution options in registry
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:836
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1064
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4264
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1928
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1496
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4036
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTczOTNBNEUtOUNCQy00NEI0LUE3NDYtNjUwQUE2NDNDOEE1fSIgdXNlcmlkPSJ7QjgwQjYyOUYtMTlBMC00NjQ0LUEzODYtOTM2RDJERkREOUY5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3QTcyMTlBMy0yQTM2LTRGMEYtOEQzNi1BRTlCRTQ3MTZDOEZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMTciIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjIxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjE4NzYzNjczIiBpbnN0YWxsX3RpbWVfbXM9IjU5MyIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        Suspicious use of SetWindowsHookEx
        
        PID:5992
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{E7393A4E-9CBC-44B4-A746-650AA643C8A5}"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2980

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
PID:5220
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTczOTNBNEUtOUNCQy00NEI0LUE3NDYtNjUwQUE2NDNDOEE1fSIgdXNlcmlkPSJ7QjgwQjYyOUYtMTlBMC00NjQ0LUEzODYtOTM2RDJERkREOUY5fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QUQ1RkEwMzUtN0YzMy00RkMxLTg4NTAtN0QzMDdCOTM3NEFCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTYiIGluc3RhbGxkYXRldGltZT0iMTcwODk1NzQwNSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzUzNDU4NzQ5NzYyNDE4MCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE2OTE1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjI0MDM0MjExIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:980
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A54282AF-0F00-40CE-AFF4-84E0566F60D9}\MicrosoftEdge_X64_122.0.2365.80.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A54282AF-0F00-40CE-AFF4-84E0566F60D9}\MicrosoftEdge_X64_122.0.2365.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:2260
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A54282AF-0F00-40CE-AFF4-84E0566F60D9}\EDGEMITMP_B4AB1.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A54282AF-0F00-40CE-AFF4-84E0566F60D9}\EDGEMITMP_B4AB1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A54282AF-0F00-40CE-AFF4-84E0566F60D9}\MicrosoftEdge_X64_122.0.2365.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5316
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A54282AF-0F00-40CE-AFF4-84E0566F60D9}\EDGEMITMP_B4AB1.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A54282AF-0F00-40CE-AFF4-84E0566F60D9}\EDGEMITMP_B4AB1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A54282AF-0F00-40CE-AFF4-84E0566F60D9}\EDGEMITMP_B4AB1.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.80 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff70e1869a8,0x7ff70e1869b4,0x7ff70e1869c0
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:5292
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTczOTNBNEUtOUNCQy00NEI0LUE3NDYtNjUwQUE2NDNDOEE1fSIgdXNlcmlkPSJ7QjgwQjYyOUYtMTlBMC00NjQ0LUEzODYtOTM2RDJERkREOUY5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBRkM1MUMwNi0zMDFELTQxMUMtQjk3MC1CRTU5MjYzNDMyNkZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMi4wLjIzNjUuODAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2NDA0Mzk2MDEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjQwNTk1MzYxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzk4NDkxMjU0NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNWQyYzdkYmYtMmZhNC00ZmM2LTg2M2EtMmFjNGY5NzM2M2Q2P1AxPTE3MTEwMjIyNTQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9ZEE1RHJqODgycSUyYktLN2ExbFBQS0FLMVFyb0olMmJWdEd3cTcwM1UlMmZBSEdMU0xiMEtEb2FpV3pQQXRJc3VZeU8lMmZnaXI1WVZlejRoaDE2MXFHR2RVMDVyUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MTcwNzk2MCIgdG90YWw9IjE3MTcwNzk2MCIgZG93bmxvYWRfdGltZV9tcz0iMzIzNTQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3OTg0OTEyNTQ1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzk5ODg3NDM3NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODQ0MTg4MjY3OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjEwMDAiIGRvd25sb2FkX3RpbWVfbXM9IjM0NDAwIiBkb3dubG9hZGVkPSIxNzE3MDc5NjAiIHRvdGFsPSIxNzE3MDc5NjAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ0MjcwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:2668

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3416

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2404

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5592
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:2268
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C8F9B7A2B2831D235E89215C046BCE86 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5088
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AE0652929DB41F2D9646890A5E82BB84 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AE0652929DB41F2D9646890A5E82BB84 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5944
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4895E1CEE34DB561FB2D19C4CB91792E --mojo-platform-channel-handle=2184 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1688
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8D03721F865DA8C72E65109002D8826E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8D03721F865DA8C72E65109002D8826E --renderer-client-id=5 --mojo-platform-channel-handle=2416 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4508
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1E247AC755E94A2258C3E641549082E5 --mojo-platform-channel-handle=1960 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:392
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=74F5A6BDB87C34B986B97B35BCA38B01 --mojo-platform-channel-handle=2676 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\66d55490b1604830b6535beb129e9781 /t 3248 /p 2356
1⤵
PID:4812

C:\Users\Admin\Downloads\winzip28-bing.exe
"C:\Users\Admin\Downloads\winzip28-bing.exe"
1⤵
- Executes dropped EXE
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:5520
- C:\Users\Admin\AppData\Local\Temp\e5df7e0\winzip28-bing.exe
  run=1 shortcut="C:\Users\Admin\Downloads\winzip28-bing.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4964

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:7056

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:7092
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9C1A44E7-79BB-4E63-9DEC-24D4EF4C0631}\BGAUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9C1A44E7-79BB-4E63-9DEC-24D4EF4C0631}\BGAUpdate.exe" --edgeupdate-client --system-level
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:6292
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODczOEM5NUUtNkY3Ri00RTAyLThFQUUtRkI5NTZGQzUxODFEfSIgdXNlcmlkPSJ7QjgwQjYyOUYtMTlBMC00NjQ0LUEzODYtOTM2RDJERkREOUY5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswQTkyRjg2Mi0xNzM0LTQyRTUtOTQ4Ny05QjhBNTQwNDY2NUF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1c1NlZhL24vR0kvbVRySHdZN1k2ZHB5TU43Rm5tRjZOZjZSZ2RGSG80Mjg9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjIuMC4wLjMxIiBsYW5nPSIiIGJyYW5kPSJFVUZJIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2MTYzNTM4MDUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDYxNjM1MzgwNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg2Njk2NzcwMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzU5MTY1OGFjLTljMGYtNDY3Ni1iZTZkLTcyYjhlMWM5NjQ3Nz9QMT0xNzExMDIyNTUxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVpGVTljR09mZUQ2eHVteXkyTGFrMyUyYnA5dzJoNFM5cXF4aGN1WlpoYTJaTnBjVUhXTlhyemZ5aWJSbUxGaW1DS09EbUQlMmJCbWJ2NDZsY2lvODYzYnp6USUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA4NjY5ODk4MTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzU5MTY1OGFjLTljMGYtNDY3Ni1iZTZkLTcyYjhlMWM5NjQ3Nz9QMT0xNzExMDIyNTUxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVpGVTljR09mZUQ2eHVteXkyTGFrMyUyYnA5dzJoNFM5cXF4aGN1WlpoYTJaTnBjVUhXTlhyemZ5aWJSbUxGaW1DS09EbUQlMmJCbWJ2NDZsY2lvODYzYnp6USUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ5NTY4IiB0b3RhbD0iMTgwNDk1NjgiIGRvd25sb2FkX3RpbWVfbXM9IjI0NzQ1Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA4NjcwMDk2MjIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg3MjkyNjAxNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODg4NTEzMzc2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDQwIiBkb3dubG9hZF90aW1lX21zPSIyNTA0NCIgZG93bmxvYWRlZD0iMTgwNDk1NjgiIHRvdGFsPSIxODA0OTU2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMTU1NCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:2220

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5672

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d4 0x504
1⤵
PID:6440

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5496
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\MicrosoftEdge_X64_122.0.2365.80.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\MicrosoftEdge_X64_122.0.2365.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4992
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\MicrosoftEdge_X64_122.0.2365.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Registers COM server for autorun
    - Installs/modifies Browser Helper Object
    - Drops file in Program Files directory
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - System policy modification
    PID:632
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.80 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x7ff6f2e769a8,0x7ff6f2e769b4,0x7ff6f2e769c0
      4⤵
      Executes dropped EXE
      PID:6728
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      PID:5604
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.80 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x7ff6f2e769a8,0x7ff6f2e769b4,0x7ff6f2e769c0
        5⤵
        Executes dropped EXE
        
        PID:7048
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzU0MENGRjktQzU5Mi00OTlFLTlFMzgtNDZGQkRGMjlDNERDfSIgdXNlcmlkPSJ7QjgwQjYyOUYtMTlBMC00NjQ0LUEzODYtOTM2RDJERkREOUY5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszRDYwMTcxOC0yNkZDLTQyQzQtQUY5Qi04MjI2MzNBRTIxMEV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1c1NlZhL24vR0kvbVRySHdZN1k2ZHB5TU43Rm5tRjZOZjZSZ2RGSG80Mjg9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMjEiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iUHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iMTYiIGNvaG9ydD0icnJmQDAuOTgiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iMTciIHJkPSI2MjY1IiBwaW5nX2ZyZXNobmVzcz0iezZGRjVCMzMyLUYzQ0MtNEM4OS1BQzEyLTk5Qjk4M0M5OURCNX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIxMjIuMC4yMzY1LjgwIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjE2IiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTQ4OTEzNTg0MDQ4MTcwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTQ3MTg3NzkxOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTQ3MTk1Nzc5NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTUwMzM5ODAyOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTUxODE4MTA2MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE4NzYyNzM1MTciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI1NDQwIiBkb3dubG9hZGVkPSIxNzE3MDc5NjAiIHRvdGFsPSIxNzE3MDc5NjAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjM1ODA3Ii8-PHBpbmcgYWN0aXZlPSIxIiBhPSIxNyIgcj0iMTciIGFkPSI2MjY1IiByZD0iNjI2NSIgcGluZ19mcmVzaG5lc3M9IntCMEIyMENENC0wNkJELTRDOUEtOTgwRC02OTE5OTAxOEZBQkF9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMi4wLjIzNjUuODAiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjI3OSIgY29ob3J0PSJycmZAMC4zNyI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezQzQkFGOENFLTRCMTItNEU3OS04QTUyLUYwQkJBNTJEQkMzRH0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:404

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1056

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7784
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:7964

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\690a835c8c664a27acb1d2728df7daf7 /t 1884 /p 4964
1⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:7088
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe" --rename-msedge-exe --system-level --verbose-logging --msedge --channel=stable
  2⤵
  - Executes dropped EXE
  PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.80 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x7ff77ae169a8,0x7ff77ae169b4,0x7ff77ae169c0
    3⤵
    - Executes dropped EXE
    PID:468
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe" --msedge --channel=stable --delete-old-versions --system-level --verbose-logging
    3⤵
    - Executes dropped EXE
    - Modifies data under HKEY_USERS
    PID:7436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.80 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff77ae169a8,0x7ff77ae169b4,0x7ff77ae169c0
      4⤵
      Executes dropped EXE
      PID:7760
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    PID:7724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.80\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.80 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x7ff77ae169a8,0x7ff77ae169b4,0x7ff77ae169c0
      4⤵
      Executes dropped EXE
      PID:7832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Installer\setup.exe

Filesize
3.5MB

MD5
65853181c5e63da18da9e0be33909c0c

SHA1
fcdad63a7bbc709baa34b311ef12f9d1e5b587cd

SHA256
5fda479717ae5a4ed9d9029a4577eaa33ddf862cd66ff2ae0ee8eed713b70e31

SHA512
fa748a797802729cfb634cdd493d101b9a9339bcfe8f4b51ecd373214bf0e6debe53fa0b4fae80ce09c150abd1003512fc4eef02e54364044c80e1d89421775d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.31\BGAUpdate.exe

Filesize
17.2MB

MD5
7df4e0689b32a3afdebed380ca0a5780

SHA1
46c7f858178b6220193b946a06d1a7046a0fa69c

SHA256
f6dca492da5a2d05b4ac5147757090e4933179e9a877696d3b934492fd4ec18e

SHA512
278fba0cd937eee4228b5f4298e21874a7d6dcaa656446f94946330cb1e7769af9d835ccb54d165c6d5043d65073fc2127b100e8145f813eb69e1590bda90627

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\122.0.2365.80\MicrosoftEdge_X64_122.0.2365.80.exe

Filesize
101.2MB

MD5
07f9573eef0b5aa970150d57d66cc7e9

SHA1
28be83d5c6c46ed58a6fce3814dd132044905b95

SHA256
b43e9c2473ca3437f1edb7e55fb106a3d5a0e1fa56dbc1c85f285d9b4d1e8f7f

SHA512
1f780f61385181a74f0813423a17082abd4e87a3fc61610c1c607b206259e551b113f230aabecf3de7afabee9818b758d24cda3643f0ca12e3b1d552dd61ae80

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{462079E6-C3EE-4AB7-A5C1-F430DB0ECE45}\EDGEMITMP_41DFA.tmp\SETUP.EX_

Filesize
2.8MB

MD5
99d19629b0c8009ddada506662d4f1d4

SHA1
b8c401fd5497417eecf080ca6a81b59b832bec50

SHA256
b709498c3d5ea24931bc5faef2bbae5812ec5d6e41e6603eca4598c7228aa98d

SHA512
4f31cf2eb811c8c82dc84c9ed2d854b35699183029e71144219bceb428a20bcf577d6b14d1df7ce5aeb68fa5b925255addc6af525f881518c14599966590bddc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
433681ca511d96f96479ac2cca102522

SHA1
321b86c79779e3685b022012a4ccae8b5f3aae19

SHA256
da5f97895efb9698657ea213e6d0cab53ffe6bee32933ca2341406faf64dfcbc

SHA512
7b90a0c624f9500a6aaf39c9244818d128cabc898f5e1e8a28f7a67fafb603b6906610834e172d2762703660dae2cc541d51a5b7478644faa5b6b820b6724188

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
31f9e08922765ba2913632f758bc7423

SHA1
b36b4bf74d6d4b6c8c0e38d9c6b65ec7da2fa9e7

SHA256
c2988c13f66ce033fef65f3af20a00faf555047e710dc6c282c124c848c1eb88

SHA512
13808d6b3cf8f8e645bd421eb3916b12cfcef46ab5f0ce1a0cbda91c4be374d03504ec09d1a5916ff2944cc24135cd46dc5be3e6c72fb599b30a58cf8aad7c57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
23a351591308d49bfe2625d302820715

SHA1
4787ceafc8492b09f85a1c8abb7e5d0c07f52e96

SHA256
7610b2c0bf22563e850e185864d9244eee94c853e6595cd18ac59b6d603af651

SHA512
cb266826f6ca3de75968dffebd2a3b480fd3348fa1c0b972851f1008540285cf93158555448446fb8b83f1fbff726221e05a3a18b11da0518ad65283d8eb8247

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
261KB

MD5
f5e9477194d0d7c18a7c3529a10f917c

SHA1
17b0f78f7c56a89ddcf2232242de8f13f0cdba18

SHA256
f5c45634efa29acb9dbd1f16880737797171630c3f81fe23aea26f4dfb094323

SHA512
227d890734313d4dbaed48501e6c4cd1f3d1bef403bbab1f65084ead6a32779381bd9d71eab03ca6eed332a7866030eb1fa01fcd1c28a8d7899705dde33446da

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
9cb2b82fbdde7133369f0d8618dba139

SHA1
4ac0771b6da4c435ed9ab270e4b87f5720fda0de

SHA256
0aa838b27da61c7bd94e073b35cb5cf1cf0762d74ccc0214d052f7327d52ae06

SHA512
002ffd9938e309693e2b4ffa3e2d3add2046f133e0f219cb5e8f898f55003815f326c98f529fddef9f7653a9a81e3ebb543f8ca034e786b25ae960c3cb2c730f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
b02f36aca674edfd030906d8aa7d3e11

SHA1
638981c1e6713e1c2ce2f551bf7326a1d48ae3c7

SHA256
962a6ed3be729a924512528f6170fcec6a86bcdc37f89faf8df3e31fb2c9bf21

SHA512
2b5c087c5a1a12e87b6b3ad621b9d5e0380f0a962a727bd261ab1b0ed0a40aa9d7c2500648469758889df598b86e343cb2a3f2d034d07250243a7d1e99dbdfb5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
9a1b664570e9631e6cedf8c2d662421f

SHA1
d9efd018975d111a08e35fa92b1d8955dc31eb5f

SHA256
52d1f080f3c41c4579603c3cca47b6667472d6b4ed787a3dd7d345ed8b3ac747

SHA512
69d4b33cecc3280ba369dbdf60fae92481e8965d6640a1424ac4d72a2355f3d0c367469f638ea6296c1e508fc906f94a2987eddf9cff3ca13659113cd4c178ef

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
ff770d70c8ba319bd01ca708e2644572

SHA1
6b8c84053f4ae62afdc7002cb3f2e849800dcbb9

SHA256
db673f6e96287e8827ffdea3ae880aebb5f1b2bc5d45bf26be6513629ed12f1b

SHA512
8bdd358dcff62a0e3927202e7bcb85d374a2cc351e940707ed4d2638f4f40b3666c7741345f6c0bcfa75b9b3204c1a821dbb44458fdda95a05b0b6a253890cd1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
009dce4ff4b372178c28397fce96a59f

SHA1
92277110bc332fe7863beb2ddd4e09fbc55bf81c

SHA256
d333edca46076709ce749e5c55efc888e49120e27c63ffecdf3e78222ea155e5

SHA512
4661f3262e7f002916530cb2c9c70d2de5297ba634ad451d4fb39870a26d1a829082995737b5c0b0911c32a20720862dd753330aeb30e993a882fb4fbb110c43

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
ef2bdeeade769996349c0a0f4a7c5872

SHA1
8d3944bebeca2cc674b0459c637e125df0621967

SHA256
6d23e6e87ce3e847ed059781bf895c846e5e34e66083f92089cf08b403432a55

SHA512
260d001693a36c7a5db55739d1781bc41b7c76a182d6761229af2723ec223b426b4b4b568544bcd1c97b2415821f2a9514a49c5483f9038438349f7dc31993b8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUEDC7.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
90afa78198ebd61bb588145b28f6ae28

SHA1
56e954a7a9d086a30c49b3fadb39108ed41008fd

SHA256
900f4de13607028d1e4442d361e7e0b80670c9601cde0a634a12119b13ad1fb1

SHA512
d3d5a80e06f1cdf976cff20ac840eed31034e7e7eb37ce10d58bd7a99c2a3a6db711358e32d77e8248e8f7029aee2b87b37a8ae600810c4b454ee3c08ab723e1

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
288073a6fc82c445e60a1e3eb3ef211a

SHA1
b6c3b96b7c724ee9e06d6fe011cf05decbb88b3e

SHA256
df03be5867f88d828be44ba8fe4b3a20044147dd929e2215424f7b93f53327bc

SHA512
7ed45192a6481641af88daef265a5d6ba60f6ccef738c86a618d9e93a8aead589cc4a79e0e82fb24163c76ff51451eca610118bb6d2b74c321a766bf3889e1f8

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
106KB

MD5
8f16c1752623be1471d96d651aa72b11

SHA1
01c649e378e3e8a06c7ece1d11023fd57e219e6f

SHA256
92a6a1d64c40eb96398f0e7b8a786ad3ad813b202e40e9bd41f93c2ed0c25679

SHA512
00e85cf18621ba25e8b01de7f6be72772e7ce7dbd44d38805f5d84efd00c488a65cfaf3efeae6265ff3c2dd323e9f56569241684c9f6c7bf0299080006bedf90

Download Submit
C:\ProgramData\UniqueId\data

Filesize
294B

MD5
14b02bca2491b8a9ff65331ea1106d2e

SHA1
4b20c790e26a5f95699ae68b75530cda09c4a166

SHA256
31cd5cc0bed0911a1d6a88c3cb593f820296bf01ae866a9da549f9aa05ecaf75

SHA512
a7c966d5629f8a360bd06ce2bd262a2495da24880c96c995397c17554d0785395612523fb108c12d19538e9ebf3a8f4e3238f6118ec1eb1e1a8ff24217f25fd2

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024031412.000\NetworkDiagnostics.debugreport.xml

Filesize
69KB

MD5
bc304a9a5a318a5c6708edadeae65053

SHA1
752b60dba6204d0b196669d079ff36c5ac006dcd

SHA256
060cee0bf563d71d89163ea40a2f6a54df3dfa30aa47232de5978eed68a635cb

SHA512
95a8fdcfc01e20f03a3fb7541740767b46fb2654a42130156c97598021b82cfa1de2657beab907d236b8859727bbc6ac69c714e3d2b04e376fa585c177b50839

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024031412.000\ResultReport.xml

Filesize
36KB

MD5
0ada75971965b4b318444f366bcd35ed

SHA1
51cf037b02594c71de3af446df2f2d9f0be72b9b

SHA256
0d1dc7f53598595e594d8a73570d3166439c47e4a60abcd439286e5deee58c8b

SHA512
84704f0abe76d78251fa55d13633377a6e99d384a6e253812becc7821d39811b120b35a7e4769838e6b51ea9b0f03bc7de35dff552b277a2fbdc0cf9673a40db

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024031412.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
32KB

MD5
97036f291cd93f105818adb5662e048e

SHA1
e2a875356a7c875628a390d06ff83ce9947cfc0c

SHA256
fb7e8cf09e4d38d74bcb267da3b066688274c217ed4348e8923fba6f3ea1ae34

SHA512
1eb4f2fff2d3427b5c6d2b4ef695266a4f66ec836ea7c1d2c1adb564b82d9aa31a57cfb0333c27d10b092122abbf6d5089c81f8853e89fae6c4f07a3a8a35266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.1MB

MD5
e211d6f9c73674cf3acd9381f2583e64

SHA1
906822d2ff32de7a218342784a6eca9277324096

SHA256
3ddda4dac80d8779a3ce8697cc8132b717bcaf58417936c68a24c5f4b34baa60

SHA512
f4cc5d4b277f489ba93cc3b9f926d567da229f5ca3cf1d0b722f33c031e01fada39052f35de592b6eb655efb223abd769d2108f31150358277339d0b02ac4e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
62KB

MD5
98a8a5d471fe111c573e93bf61d14b6c

SHA1
75a0d1a33fdb53af8ff78560e6a716fdc37b539d

SHA256
a3e0a65923306d126ffe4f9ca8b2288dbad7a02e8b8efb8c3a4ef8351889f9b7

SHA512
100cfaa619b5136ec83ac82c9a2333216716581ea7bbd934a964fa03fb9d92e695eeeb8e6425a3cc86348b654e15050aa1faccab7189fc4ce7e66bc9bf488c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
19KB

MD5
17638a050e2d849a50bff892bbab78df

SHA1
bb37f6dc9198a28ebb2f6f9fd2bf4d81ed2b807b

SHA256
53004a91c39704dcaea8f54724c730695a0d43bfba2da764caa44e6da1aa2eab

SHA512
179615aeb045f21fc297a52bad9e9abf4aeb132b7cd89843d5c37b7eef90786358f5202ea95cf28db7fdb7064bf56aa7d8a27b1315e24cac1a743ceb36b06dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010a

Filesize
136KB

MD5
9174e0bf41ae55e427f491139b73d70a

SHA1
0d7446e86cc72bc514d282bb8f0a730ade0c4f39

SHA256
378e3bb7735e8f3cbece7db82211689b1333bae0348bcac42a893bf43b020749

SHA512
447b3c754ab99e54ad37ae993ae36ffe40b62908985cbd96d3fe1d049073fcc07182dccf87464a6a06d615e9d8b0772fc59e198485acb9e746093cfce6cc59ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000127

Filesize
73KB

MD5
34fec28548be2619a3c5371cad2da1fc

SHA1
e4c246ec1f4e5848759e78bae65e32d9554cafe4

SHA256
221c5ce3713f6e26d01feddfb04245a55776a793cfde7c4649f455d73fc72494

SHA512
ec1b2f57f5aa9aaf555150abfa9af5fc2df599631f8b5beff5a48a3e78a59df9290fbe1d9221bef1ee8abead15735dd294bf7e85fda4e461faf19b727a571498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000128

Filesize
25KB

MD5
bd277d6710263cbd9eed572248cb83b2

SHA1
2ee01929f87f04b766f04a9dc2e19860139f3a90

SHA256
8b96c5f204df1979e7452832ba595b20ee698b5ef9d334cb2342f6ca9a354f04

SHA512
cc79e88e39f54f7497600716db9d30e073edd4350fec8e4d58d427f8c194bc9532a108ac27d88e1bebbca0780a3fb02294d35a3b5acc8383344eacbafcaafc3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000130

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013a

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013b

Filesize
62KB

MD5
47953bcd62e93772ee22d834d1438f17

SHA1
5d1dd3b5dcb3e1fd32d552eaf0e583ef02f2acd2

SHA256
f17878d7c848d8cdc3652e58692f7636a9d19a48e94030d64009dfd66b0e8425

SHA512
5590afbb8a596d3b4f329458f05c5be230048a1e65aa9559aa18ba5e46a14362788e61e728dbe0ecf9fea6caae8b455dd6e29cb50b497f85eafd0f89c5b5910c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013c

Filesize
31KB

MD5
e22be493da1dc48a98d8d6f0178cd1f6

SHA1
8c9b7faba91939dd36b502417d1a9eb35714314d

SHA256
ac73feacde76fe096b76b0e319ffd553366a25e73b326c4bfd0d565e0babc845

SHA512
b471700ab86108c321ede5c805bf043be8b13fd1e7073ab072a99f45a417eec3b627501a5d996eb0665303397f99b59c4270993c54e613e7d9438c74ca494257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013d

Filesize
64KB

MD5
65e8dfe03ac61fdc7c7f3f01b00d0742

SHA1
3872bb65274c78164455175ab6376a5731fed235

SHA256
c906ed6025ca3050962802dc227fed22cd0150ebb3d942f7c7549330020c74a2

SHA512
5827c08359eaff7c0aaa9fe33525e9e56926c2acb7dd9f7612e515d5b4dafed609d8d5f6d73edca029a25b092aa5349deadf7b9ed6407a370d5463ef7c03205d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013f

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
42KB

MD5
0de55fe0782d1e87f1d952dffe3ef64d

SHA1
96b959008cb1352ef5cf1b6a417b8eb293f58500

SHA256
3b60ca7ae4c6adde660179e241f18966aed5f385e2d5833a673d252cd9b3e313

SHA512
a5fc99f0d37939d0a0b956258e997f20bff0707a2b57a4325cbbcfe7886a8b281efcae4ed40d692bb137248fbcb867faa3b5d35e6c818f1ebc1ea0f43b477c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
6743340d883d4cda0e00ded497ec30ef

SHA1
713513748d22e60c69aeb334b12581d1c160c62f

SHA256
a71a4e5b593d9dbfd0bbdd56762aaa39edbc8988c08546959a5175dd66c1f81d

SHA512
460c1d8bc851e835316e02d1180fde46a27af3b043e0ded2cab34b1dd58e92399c1cd24a45de5e93c7287fe0f344f078c91e259dee4c846c9d897b8a0fd28108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\066f2f7a94eec918_0

Filesize
110KB

MD5
6cd25e3a9a504776012bdf2bbaa9d924

SHA1
eaf35c7ea5440f6cc3a8901dc5da9b8eb88b799a

SHA256
a13381569aa4b7cf6d19d1a68df3f2ea773f51cb2f89491b25e1c317606b642a

SHA512
b3ad8cbe2854f414da7497832e7bc79a619c57398952a6f17e17469764393bd42ff0843accfea139d35a96ba82d72581c6314916680d548f8112f8ee18552778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\083a56541eb9f2d9_0

Filesize
289KB

MD5
78e3d286d39962fb9b912f55a395a5cc

SHA1
c73a221ed5e1c9339a2dfc5f8abdd92157bb0bd5

SHA256
291891367f00f3e69297066a4ba9a75b6bda9cebcfdfd65c7dcbca91ee80aa1d

SHA512
d9873c1f7e5d2d475e9aa777650b9ac3d7542146ad96ed05f2cea32d049d111c1fe333cacf87b0cb20e35fcfca2395b361d90abd72bdf1b6128c50f1a6a36809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\096fae0c49b6663b_0

Filesize
4KB

MD5
0da85393baca9ab3e3fa3c3232becf73

SHA1
2da24417936605c5a3ff37fa8178b87916e77f6d

SHA256
3367b454a6c98c685db64e68b0d23f74dadc4f9f0828447fa874004c4f22a7aa

SHA512
112a1486c4133b2844c0a6c6df3c3f2cebe1ad168cada832cad571ec87c6ebbd96f115c656beabef6d4b53fe4e142385c6b21132144c795f387440326503f70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
cb33be03a9a4562b3b55741fbf6b039c

SHA1
76878b4ebce3dd08d75558ff559641e06b6f7a36

SHA256
9501e6454a1f6e9ab77f4ab41728d76233098307a36a41f54b9b409591c7cb7a

SHA512
d38cfcdbba0496c2cc500275c159d6f1ea7a86f290eec8404559840ed606448129257ae5980a624b933f857aca0884d73f0e276a4d3a29eaf6fe613617bc3ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ef81746712c4422_0

Filesize
148KB

MD5
15d0c32a178c3b11e872f6f077da6fef

SHA1
611edf1d50a92eaf8d4c6be8a580791e4d7ec559

SHA256
8e1cb6a67f595324c2c14922cbda814ffbc27367268bcff6620d47b34db95d16

SHA512
bf3268dfd8179171d8ffdc8df262487ffc717b5529f1c3b5e9b561dd69afb338d376ec53ace8c4e8c76937125ad3526f3e73d96263d72af7ead0dd47efd1d663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\234e079021a876a0_0

Filesize
175KB

MD5
7e9233353544d512a1a823b639b91153

SHA1
b5667798c58e4f1e9558df971c0f958135452ad7

SHA256
e4ead236b9388515b68107d3a76a06d918d3d4994a8a6bb91fe237ff2726058d

SHA512
e2e74d1517b58b742dfc93e27cec97567021addfc77c108a15c9ad54831ac3d46f8a1091a3a009bedef0525a51b68608bf75469aa6e14f371e73ebe73276e30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
3KB

MD5
160bc66c9ef5a9dee55af14112cb86c1

SHA1
f8a157e31f3e1520f614136f5d2562c95abec8a8

SHA256
e805cda349fc3a37835fba48ebaf366f747927353a7b591546cdc0939caebb9d

SHA512
5cab59e42f88d2aa63e21cc05244d84a65a71d99295a22ca712bdacc0b534f5445364223a142641653a74f011715c74ee036c469ebacd14045bc71af02752cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\268d330628d1af77_0

Filesize
262B

MD5
7321f723d5b90ea1ad322a58d18d0b4d

SHA1
ee48c8d5299ee817bf407d0ac8937f95e245795b

SHA256
ae314d1249b6affb1be78de9500e9a718f1798e0ccc268918b4b1c34fce33745

SHA512
fe379b13084d5e711ee9935b7bdfdf197d6b808513849c41354541d409d9ddd0a4fe21f00aa6ca6ba121e2848b6c616ef45763f256d4dcb7c0044bfde6bcaca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28324e9db7b11193_0

Filesize
32KB

MD5
5b772d62d5bdd1137e00c6e71fdc492b

SHA1
98b067328b1c961f8eead63a26f7d988a225e52e

SHA256
b028fdd0347dd9f518ed5f5f5b2de24b13bf1e25328f3a6e7cef2f603571a53e

SHA512
5ae5d1b3e360d372a90fe171835b8994915317d827547498bf1e2cdbdc449d28e3ed87205666a6902966f5857385a0c5ea718f5ca0cb01c6ab173d11815f457c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0

Filesize
5KB

MD5
f35dee648a5af43d9eafb1e2760312d9

SHA1
ed4d69b8b024d594ff67bd69c61d60a6b18fb37f

SHA256
fe6358027088496c2b6382c7abc1a8d35e05352a596419c073f8f8ac96f16b0b

SHA512
782500a6688e92d221ca0f2c9618e545299cf73982bc1f97d8427e40c3e0b8ce27939d4707e07516b037e58d48cc81bc683e4606d02f1bd7c62b6dba884fbacb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35fb661c62eb428f_0

Filesize
11KB

MD5
debcca68170320e9ea7cfd7b15c4e71f

SHA1
084c6838d9761b958c7accfe1dc451987287bbdd

SHA256
50056d55c8c499587a05f1746f9329f3585122827df028dfdebfd5e0543a3abe

SHA512
6147bccde6a4411e6e6926a3f94b9d41713c857cb2a462a576c40fe8f5aea904962b75acfafd72082ffb55d8d15c46aa2e2b66c625d1f5f79a8feda3ee095abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
b658545f12758d53d64efb8cd851bc7d

SHA1
94bcba1f85e6be98688a130438ed0acc25324ef5

SHA256
61ef70eaa621b401a3ec7b0dae66501d91d63211b25fa9cfc87b1851afb69a26

SHA512
91cfcc2d4bd5c6200efdff02b79d81acb689d04c77ff4f0251f80291f48d6a766f750e73fd8e0e3bb631219b9e391c3cbc7285e61cf6dcb25dd47402401daf5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
6b1a48cc2cd352080e2823a050426282

SHA1
c1b540f929f14e78a65aa16b146285ef077e85cf

SHA256
f739f48e6b2baa9d8d2a746572c48b7fda2e64ddbff07b81f6c6a32bff90f8aa

SHA512
037b4b1cacf83ba0a1b002946dbb18f933c5cdaac863d9b634de408773e492b6d70175acbcf2f113bf8939e8a2d3ff61b16477d7157a1d398b247b2bbf566eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0

Filesize
10KB

MD5
eda6c2f8ba50a369176e74411b988246

SHA1
93954693d77dd0f1c2d0b586a937d070e70ca639

SHA256
6a935ff6b7db48900957048798b36e9e419e92b10038f4f7389a13ea9a0faa2b

SHA512
3de64fe9bc800e7edfc72d0048b023dd518e3fb379aa85f18d8e59b1f9d732ba00f935ef4de7f0068b8837d059c537454029106b4ed814f1ce67c982b43e13f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e094f35545842a3_0

Filesize
4KB

MD5
3c5d9d895989380769b9edb6b0fa9c46

SHA1
76cf8f4fcf29fd571727cb3ca7d65608e8e23c1c

SHA256
61399b49c8966c2f89e897a37f628de0743c1e330e09e1bfa8f62ab41fd98762

SHA512
68bdf8154a0626f7f833c4bdc47bd3d9815d3fa90b8d70b9cdd45004e58a512085f15ce16065538a4be6a7ab172a72be70b4d44686b9aaa23b761c3c29668f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e6742505c79459c_0

Filesize
3KB

MD5
150016adf1b16726eb09003ec4d617ee

SHA1
3392d936a339794227ab23e1bce4f63d186772ea

SHA256
870236079ea9ec9425a96e3676cb29c7f92c6486c4f96cae9cba0b401b21fa7a

SHA512
98cbdec76290e6cac7bfd69c936592793694c120ac0f3d9ceb0524624ae385085f1bb519a0ab6484c7379a7b4410ceeb5afc9bdd6a797793cb2e69d64ffd35b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
16ee9efaf9e9e2b4e0dc0badcfca97b5

SHA1
e9755370f2ba1871a608f922b3ccafbc0e874a24

SHA256
7085534a07fae7aaae276b87ef4ea23dcf2fc7eedb69e7787dc82f735c111f6d

SHA512
e4f071a7590e5081471544dde482a6bcceb699255211cefa2776bd0458835c32452a528e220cca8d81cd2aac3147203c2c463d2fbf7675c04ec2d054f8c7eb1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

Filesize
19KB

MD5
19502c020b3961e659ceca4b59fc4cd0

SHA1
dcc849ee690a67e2fac591b6f0e6ddc7e718e36e

SHA256
80893a5d98a00b27fc20f3410a044b273aeb3e8c5f8e13c20ac4084f2ee1810a

SHA512
71fc8f87283eb4afdfd832d1f6d307d8c36d7b81dba2ada083f7ed3c9ffc930843f535b3c8cb5461275f7cf4f2988ce45cfc8cd5970e4926326ba46f2b37f05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

Filesize
2KB

MD5
d23a1f8044de47a5f1fd393ee4dd7d2f

SHA1
07cc7cf1fbf010e0b2d027b07cc3601aed453cae

SHA256
78c20180e7d594888d7a9e1b65e10325d963114e56cbfde6761fac8159781e77

SHA512
8f9725a1267eb88f3e164f93c2c9e5df3c49ee07fd9176c2a31cf0983684cdf4c8347f1b8704b813c34d83ff0868d087b22839b248455c7f98b9c45d3d0c1d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63c6995fb9eb98a2_0

Filesize
2KB

MD5
6be00f68e03f28e2e1491b9673ef2f4d

SHA1
2d77f931c1df9152728e61217e9139128ca71e6c

SHA256
977131d1e8a54274e5a80ac2ef1e50777ccef69d9a7a97e92767feccc46c1d47

SHA512
a78a9ae93cef54ea205727b02e5ca824eda3c67f478d5c74ed790a09b5db9c1044d44d97e40e6f26acfbed25e5e0b5bf5ef0d329fcc8319f3e008d9ec3d73d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
13KB

MD5
f6756ebf3eb5cd4043c691b10373dace

SHA1
6ecc06f1cfec0148cac56939258beccc8590fd67

SHA256
516d77d1ffc802c2d7b212dd555a55c88edbaabfb8a4f19d24130eb39150671c

SHA512
1ce43e6f88f41a807accfd84000a27ad81d5aeac9da2c1664c827f957ea7c277d2bf630c3cdccef4f775d36beee60943b09181d2bd031a095bcac56b7e8ba744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
9436eea3cf91ef4db5e35ff4517299b2

SHA1
13d7611b4482e3142ee0382b7dd0eddce55f975a

SHA256
62a3a724a71ba2bb5d13d9bad38754af6d90fa5a2e2f71802d5ee517eec7ac48

SHA512
cbfe8b846f79631c25d8a5f060fea9a8a0dd0a1371596b59cd50c01b4c0f1e963d3c8b8207af178c19b7384c6ade6cf80bb141a9b700b800afaae02639688d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d77fe8fe13223e4_0

Filesize
307KB

MD5
881e8489c1bfe729d510604b9ac1bceb

SHA1
496cf813d5f39cd9b068803b9e3a54a9e70a6297

SHA256
1e15faa084cc770b59489ac1a9ad41cbd70a7b8162d4551dd021158e9ea72144

SHA512
3f30e4b40eeb1e6e25bfa3795c919a58e9dfcb550d324a3bfeab126864e50ac8dc21ae2ebe5252129b1fba382594211d9fe89ebe12e6c52dab13ded3e3c77e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\733a2ebc15407e86_0

Filesize
22KB

MD5
de0b4699ba29e3017d78be45b887179a

SHA1
afd491c0784f5ce1972c09c857edfcc563c4c4c1

SHA256
400b56e54e81674f98731ad15a1d6a6306323ad1e2ed1da3b2c96d66cfd539ac

SHA512
a2b976df02ceb6ad639de00f947741fb610ed3a44322e96560be97914c5507f9b61cb5fa2bbe406de8a0b55276a1b98fa17185e8d84ac7c4873ffe987d5c6ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
4d8e4187bbb7ab1d13ae378337c06926

SHA1
e7526f49f2b049f187bf6452b21bb4f2f914b5c5

SHA256
293a1a373a59e5b6d610c80ef65846583d5420efec5ad1ea5d6b382d23800e2a

SHA512
cc9795ba3a1fcfdab06d49675dfce10d53e797f8ea3bd26c4a1feb11622b2a4b377b989929674eaebda3ce0f7e3b322bb5db8b3fb051439fbec232cef76d298e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794417c96d8ffeee_0

Filesize
5KB

MD5
4dc3d442a89a3ac2354e77de46325dac

SHA1
29d4b35ae309389cc2026f91b9fcb504850ef573

SHA256
206cdc306434581c1cdbb24f02ce2b73a226bef2e4abd13db17adfeefedc3b06

SHA512
9779078c19a5309808ac30bbe1a09972182ccfb7ad49998ce233f467ca17b93dab9fe0629b35e7d0567ceb044870e7a8d9287632a48a9eae6c8f145dd273ff45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
12KB

MD5
ce9deb9db0df6588f7fb7de00778eae8

SHA1
ab3251d496c17f5e9afd19ea62e0612b42168415

SHA256
2715a62cd590e0469aa568610f0949066c46339b447bc789d8a40af3567e7226

SHA512
985681a4e07bd92e6388b71fedcb15f79596c6034138cd7285419efa609a1283dbac4da95c3bc016f5b126334b18b61d21567f6ee98521165506e9e63d6e281b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8998db662a5f28b9_0

Filesize
26KB

MD5
890eaf940992e074504deb93b9e2a1b4

SHA1
ae6673f325c181db26beaa757e1e70a0c617e0b2

SHA256
bbf8baf936f2dffee979cce3ce023e8826e5e53cf3d5ec5470681546421bd7b2

SHA512
1f65906a9bcf861c91044d1b60fd2858e5d2291d8dee8f8e96d21adddb40892337153c9c537a7ac9cbfa24ea936a26522f38b1b7bb80883b77dc1490617bdfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
2KB

MD5
8f128f31ce57dc87ba83f4dd469a3716

SHA1
662f86cd539d9abe18610b898973b0af9f0536a8

SHA256
504e26d555b7bd44f155b858bbcbb2b211ad0cbb3008fe4b6a39f6c12c4e89d2

SHA512
4cef2108c05faec6b67d8a50d8f716b18814bff851ef4aa32c03c072be681e1691c96476ca4f995c687490f26ef6478512d427169353a99a8848ed13533f3d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
21KB

MD5
f0c734b4a2e405d7371dc0914a1123e3

SHA1
e90e8800d40c778d7a4571bb0056752bfb7a53ed

SHA256
c3cbcb3a20390e4d3002a5d2281c6e25cc17b17b71931b5ded91b0630eb8a4c8

SHA512
4349f04892590cb40476b1318dd70de3658b7ab5a46d6bd4057ace7ede0bd718e6263aa37be9404b0bb972f8ee76c072006b31b680d60afd621dbfbd55650494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0

Filesize
262B

MD5
cef5926fc2dab5650ea51ed6abbc33b3

SHA1
87e82a992a70297a4f18ea9430a8328e6d551e60

SHA256
a496dee78d62c0fd3a9dee950a1ac39b503204bc827953e41607e471a74aec2e

SHA512
35082d208d8e1940e8c2461cd3ee81ae8c0439ea10bdbf1dd8ec9543da15781bff9a07c7b3df887b3a7094280f2e53f573dffd1753e7ad4ca8c9f9cdf9963f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
f958b56e4935a4fe5c3bfa30fda856e0

SHA1
d8fd470e747278b500dd364e7db52d24e0444461

SHA256
927700d8bf85acef8ded70369d8b49281e7a793511a86e89a9ed604dd0a3cb65

SHA512
696db756804c8f379ca81156f1386e5be2efdf48dbf3815314e4ecee1a0edaa7d2eb1e0e4dfa06eded6db77163332c2ed3ea41edd1d3a136cf25e0792ef58158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a385cca6b2e89c1a_0

Filesize
950B

MD5
e217b9760b1ac68f821d837030379c98

SHA1
656b3eb58abea719fbefbff6b6926c028005ed41

SHA256
2987aa9376548e98c7d5cd89da2eff779e34dccd1de2976dd988dd077f1762a9

SHA512
4a29ebbc879c5ad21a6d1917161b536cb70a7682fedee4a7ca9c02978ae9fe2121a6f3611d30df8302b65e1a64e4492ec819ee29afcbffb3742508dc2c4d35e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20128e294763fb_0

Filesize
262B

MD5
08f3e8138c15f65f63eb9177ddd08c34

SHA1
7259e89656f0efe46ff5b266aca932a530b09e2a

SHA256
413c392bacbc5885263bb44cd4853dd50f67ea21322353cdc09b6132ee7da6af

SHA512
9cd067b86a11670f1af6a93b1b1927953e763a346f26e170dcda9dc61ff42706f9b168ae624ae99857913cb2da4cf013c92c1e3266e49b7e0a39deb9001f2578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\abb6378a9591e2f4_0

Filesize
433KB

MD5
0e53f8c145186c29d019e678c6b66ae1

SHA1
5928527cf898bd44d0b63d8f31eaa6e9581ab796

SHA256
fbbca3f490124cc8c403ffbe148d7782f931c5e891d8b0ceac3c5e522625d466

SHA512
795a9440cedc68f77ef3f92dc2c2ec80b475345ecb0ff582107a4aa3205742cb7128db228e6630c519733b7e824c91b604310c0c62e65c4f151a2d876fe717a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
34e080dd8fd09cf4b62f053ef04694c7

SHA1
932ead6e063fd2488036670bc6af9160de3c74a1

SHA256
6c800b8aeef041c8c58bcff1a657a1f0cfa55e799be06e5423cdfeb6534c01cb

SHA512
716fd894910e2662d8c17d6d2a95d740cdc30a6269d6555beb89ac8b9f18027cd7bc31d8144c575b82c81a85fbbabbd31449e48d3bc3b08ec3ca3b3658e41b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
5KB

MD5
33b12b9a3e03e95c83027fb25fd849fe

SHA1
801ca58cb02a24c3a723975d9e3340d34d9933a4

SHA256
e2bb690bfce88c9e4c460e8fdea44ad026815f1ee25a993a6c9cd8e0a3721a86

SHA512
06ca61e72a02ae9678a17d0abb66c73e4288c4a06dd6d0712c3edfa3c280b0e4454fc92b014fcca8fcb1187e0ca666c0b81e6ef0540f5a2772a77d1ed6d0464c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c37dfb5671a046f1_0

Filesize
2KB

MD5
26d7fcd654cf2fd4d3146967ccbfd86d

SHA1
d49f1a7877957307a5bb0a7d98c2e5c214db8720

SHA256
3833dd2227e4671417e8574a0497dd8f5a72ecf28484bf21fb1df64be20d5d52

SHA512
dfd72db256eb06c0634672707e7f8ed4e071d1e7b5b16812b9b6283c3ae88ce8e33294744febf41ff943364b45bb4a48402b3b3354ac38c0a13cdaa0f5af6e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0

Filesize
13KB

MD5
ea813b2e4be9ce67136a9ff4024ac44b

SHA1
23429a8cb344841ecedbf1807bffd2cf252ea413

SHA256
a9bbfcff853f99e9f8a379a9a01eb913924ff5f63eb1707cbc066ef322412159

SHA512
4df7ca0b1ce8a9e984aa23d1a7cdaef2881581622ecba422a7c681df7b9c93dc20d8c67c703301f42daf57dbfedc6f43e7d5cd1349e8db1b36cd5cdea26e01c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc2f0fedd3e9608a_0

Filesize
3KB

MD5
9e6e226a10b23d670a7e245c9ddd85aa

SHA1
db13859c4d4a9dfd3f2acb7f6de86fb670497813

SHA256
4c138cabb50cbc8d6fe883af8c94d6ba487d00b728d5d62811a5ca7dd4750745

SHA512
183df10caa9f6ce93beac28b1ecc973133195eec9e9dcf1fa80617bec6d49da99a07307fe2b06ec5a64237f7660a60fcf8f6133e978a407bc7d53b73301caaa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0

Filesize
34KB

MD5
ad89d22a7f810b2a0a14f5b4823b5709

SHA1
33a386e9e6c6dc7c183d104878769d8c9b5fac7b

SHA256
b52a2c1ae1cdbd1bf3642a9748d0815409d050132b9815e15e1652dc11fc5e09

SHA512
c42a03126533079f78d3e91fd48566697fd4c2341cbf7223761982ceeb4c108b8539163fc6284949dfd8c930b80a0b80d45c69b2ea3f81addd363b5730cdc77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
1e1348db905ab7b37c381dd6645e84f4

SHA1
fe82d1c3e7e74d3e094a63e206270dd3556730b4

SHA256
0ebf93e649e0196f13c737e4d417da09b492ef747678f17c5e324c2287a860ba

SHA512
6496bf197189a33d763b8ad4580029ec739565a9e3fdae11d49a4631943eb2c472a63786ce48bdee401d80d5b3bdcdee45ab657611a8020d44647808a4dea083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
8f9b463ae68908af9873664993aabbe7

SHA1
64c3140ffff8d1bf9a01c1952f9a4d70181e52f3

SHA256
eb1b8c4ec760e8bfea6a64565bac8c2db73a621d5e1eef25837ca1b3d0fd3778

SHA512
7fe5ed3b3ed38d9397268a6d8f6db39432ff5a157523702091285ad2e789d42eb4e61d554597a20a6563eb7c22d0900a8857857616e19424a0ccbfac74e62da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d86829ee97a8a592_0

Filesize
7KB

MD5
aa2a755aceacfa4cdf48edbe66e4e144

SHA1
1b9b92aa0dcf9facee4b2ccf511e3b5cb9fa5135

SHA256
ee1fa6633a393bafd62d9baad35d9456d16ad53ea9418c2babb6ab164b4e8da5

SHA512
65d4e03a65c87d1afb7f790fcf725a72fa51474ec55f0bc9a25e1c30880403dc4987fb2d7c3e9e21d265b3a88cbf81ede26a90501c5e364b725c6a32c035a413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
3KB

MD5
1feb98bfdbcaf48eaa479c414945f7be

SHA1
a55c02de187e4f801b151105029d1042c518a0d9

SHA256
7f7be6f5abf76b56f12a0803b9cecabc7c5444cc4eda224f77b31fa08809cda6

SHA512
6eefd179e2899692b00e27bb519143db672ad0cae03b68f0cdb4d8367ddf324bd99ffabfdb22704a4bdbb506f120b6c7682a8577337346c0578ec36d8593cac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e02149d135769858_0

Filesize
3KB

MD5
394443b351730f60aa03bffa4daacf6a

SHA1
bb1c7b17c6961c489a11ce0d722aa355f90cf522

SHA256
e15ba67b8496bc97d3fe5ce7bddff583632ab1f2d507b7e2cff8c0083b2bf365

SHA512
a7424e198134c3bfb6ac087588e9781938082564d5f49644745e1ee5cd2d8d7585600e468235d8412a423594c3f04de92e1ac0546cc1cadb2e97115e2ad983e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0

Filesize
262B

MD5
7fd2bc5b4b363e2d1c166688601a28d3

SHA1
0208cebd3c6d86d1356cad15fdb53bbebf1f7af6

SHA256
4371ea902d35f15521b24b60af1a12e0ffabfa92cde06437c0d2eca0f72be8f3

SHA512
4d6d43dd351b84372100c2cdfb696fdfb7e8f86b6f4fb3f6c4f02bb2a7f2a9713ec90c229da785d33d5e433409389bb5fdb19a070630162e98e03a740e3c30d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
0f101cfdb00bf51b733365d2d8888200

SHA1
0130f1689eca2c7b6ee1a03e6c3e5a81393d76c8

SHA256
c1f2f45fd3ce6c45fd0cb5e928a123c520d923d3b3b7c5700f310edf75b64a9f

SHA512
f3c95366f9e1fc3fab9bfb5865a8ffeb2c17d715b88bff3fbcb00f1b388923e16cc2509ea7450ffd6ec1408331863969d7a3bb63500a7c316c13492a37a6636a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eba480d51478bcc8_0

Filesize
8KB

MD5
cb2d5493039c708d7ec2b5c6ba0eb60a

SHA1
b8ad62d519512cdb01eaadf4e9598f642c6a3fc7

SHA256
96b856b1381c7362d012febec0113b8f9ad2c1932dc65aa5f7332122a254786b

SHA512
e9327f782c3e1abb4be4d3672b622db89e4b0fcbfb0efad97ed273bbf725a839bf29f84aa1190ea6ef6a755ae83ddbb0f7125138ba695e2ae8fca9bf060f342b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
a8f6d7da0dbc46823003808f45467078

SHA1
865bff7db4c19625fb639b3df5180f2139ea62fc

SHA256
8ef4c8d189700af35dc2ae4cf0dc69713b9dd5ee4be152cb81f802c7b7b39dab

SHA512
ff8c3ffa96a67f6de7da079e6c8c72310a353c2545acbaf6e93e005f54983c52ae9d7e4df50bc251b972175f6e7de4b5c69ae3e1a03da6e9ecf861d6ab4c7a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5cc9838615956ec_0

Filesize
4.8MB

MD5
fb0752f439d36d5701b81f8a669e0e55

SHA1
f16bef6fea99df51df7f5f723677dfe5b4025eaf

SHA256
cafa1bd16134351968c4aab25329acf72d2045998cab233f1a68309062a92089

SHA512
071190aeade776d339b7228c9477a5c7fa332a68fbe0308659bebabe9dc14e80e435c8f7a61756ef63a02caefa28e02bf0e2a0b9140c1033a863c47b7c639058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
e4f16958cc85fb0c40527847e318589a

SHA1
7f923ff94249449a8520e07bc0b78311d402f5ad

SHA256
bc9d92ec1b869cf9afd458efeef4927188d82964d9abd34dd43fd97ed1b6f16b

SHA512
a576b688a33a388e3dc695ef202d252660e1b9b8c0bd5740565e7583810c9b56e345ef671d08e05af44caaf1f4f335c63c10c868d16bd6720ef17102b5931b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
05492a371e59bc5664c153e05725b494

SHA1
119235ff514a83b73132f151100a4d8cec4003ad

SHA256
45b832fd83c79dfe5e703d844e050ea59fb2fc0f87fb50e729fe5347b106e919

SHA512
9dbc8e1056de219ee1c44eed5f82825e955de6b5d86cd8d729ecb4c39d64c721fc88fac9365e906f400e749edeba1f59905914326ae068f7afa35c48becaf1ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e2ad10b3604edb238ebe82a5eac4146a

SHA1
04c2133dbf4d9f36362160919b481bb9db17d1db

SHA256
e9ea6faaded302906d058404fec0ac2c4f8d82ed516f4786c5d6c17b851d2af9

SHA512
d76db5472e57f4448d4f6bb4dfbb79992d7d49b8eecad8544af4d71365ad8d37ce0bb039fb85b2caabbd6c5953161fbdfc7f3c56bb0956fe54010650e2adf16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
e3a3cf578cebe6a6f40d0be35eacc162

SHA1
8229dea23e0344e712447282ed84d08e4ac642d0

SHA256
a746e2d5c2e2876caf791d975346b09c234d46dee079df2cd68072934dee1876

SHA512
fae1843cc6915d2a6f2431fe77e427fe91f4b0ee21bd762dd7c6ad83412c4db9500242b5bc6c27c2ff69ec3a10f1e1d31db21af8260af4a5c7513a3991177956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
45c429ce207043a7d69b0eb37e41a3aa

SHA1
e39091a86e8eef5e18ed5319e9926d2562c0db17

SHA256
4ca11516a373242be9a13ef926304d3b58c9c921d1d763ca1c9cb3811c3dfa58

SHA512
d8b3a4fa1ab76df00ea6b712d0d470198752b0dbf315146cf4a719a2a82308e77213d7a2c126101d62d75efb3a01e68cc778d5d754024f4f11716d5eb1d25854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
06cc9535f141dfb5d14b615877a8fd94

SHA1
b34ec56da5cd375cb0c34e7f952ea64ec935f616

SHA256
f025fc71210b20577f1e54ea36bd0e4b696c86fa4459ba159562f3b5a9714632

SHA512
d4187abf3101f0d239179d6c7818b0dcb72b9d87a9a9e1b596ee3cab002a9e0a2a3c21f7ff4fb501302da888b5185cc708dfc1d8bbb1fbf14dd878bae5ec9db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
f399f4350f527803b2a50d61500844d9

SHA1
6de29d738f7b2a30ae875856c2dedc38efdbdd07

SHA256
f53080dc6a6e3320307ec208ff2cee0c198b6dd3371b7d09e495812cd9012922

SHA512
92bdafb144c20fff31743af6860bfc93099445bc83f8be1a09867cddc1a48b00e1f4f106244b74468213cd3cda224bd462f1bf12e9e64fe87e6ef6320d94994a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cd7719f984285943117c56758f64dd8a

SHA1
8e01c723a6598bfc1d17600477b59b7db3233625

SHA256
7c030f321aaaf23162d71c8868cd47a34b8aab7a64185958f9e982c8facb68a4

SHA512
600b185a82027357137c237f3e580a8fd6dbf5ae80af53578df46af655a3f4484adea2c37cee0d46cfcbaf74fa7975fe61568e0e160ae1a789c77a54095fcb6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c56d7a1a2ed52c3b9038ce720ce27bab

SHA1
312998d0176850517b1fd4ecb628ad9bbb793a97

SHA256
73021f21c96f488dbc5d772f0cf6eaa4e93dd276d168a04b88a34547378e2e62

SHA512
4eb4ddee474312d9e746f43fecb597db1586408ece4ce6c485b790b5dbafc4e39397470b763ba1caebd972589f826fef847c49a0dd74f7874fe7f48eb563b588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
30d7861f237e680aa9975c9683dcd82f

SHA1
ddee7dfcb722c84a6c081ac192277f495cb0c9fb

SHA256
6c10a90c13b760d2d301d03fcd15cb297cf3719824e2d70533fdf7ce1f5b2251

SHA512
acc9a93aed3db8b56b8a808955e0b2bd564412359aa17dbda3e50ec876d4ab00946b5fbda3fb6ece12d9bf8cb82398113e1b1968fa67ce74fa728e4b467e1de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.timesofisrael.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
afe4bed23838e2f681f780b9fe4dd9bc

SHA1
aacbf7baa4e717c12c9819d9a1ccec8bdefc4f6b

SHA256
50a3a67edad898042f796f663a51f64ce427f8b643c23dff57b8dd9d3d6a9057

SHA512
87d453d42bcc451d4f8c7887ce7eec18583b10079c23c984cfb370d258cffbe0c3cc62a4f1ac9496488874755315215631a67d3376c42f0bce0dd9de2e16b2a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
e420f0d3280f6be67d1fe3675b3c34c7

SHA1
968c8a758cf4f0d9a62feb8a4a1427329ef75601

SHA256
e4ca45589dd855939dd39051251d9436a1d428f5dc634f7a27127982bb7a0848

SHA512
42ffc1199815a3022b7cce6a4d74d0efcd9e7c646ccaf66ba934a8035585ee6ca895ec0bd4329a4455d41f534e70a6f91f27ae2e3306ed4bebb9f4c300e5c09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4f87097d42eecf54ff35d976c764fb2e

SHA1
9ee5cf2642f6172e4025c5db041b7f75aacae3a2

SHA256
46b98b797657f7cc502b5765fbbea6c2db119768145f3f95e43471ca39eec68b

SHA512
7ac896c5d8cf6ea8b70c7544ee1c18d0ff3d11741cc9fe2f0aa23c1251834572f14eaab3dc8f6b2f5396f64f85126dc055da0652a169dfff17ba46a81ee34a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
6bb63a04244d20f842bde1fa9f6af368

SHA1
7bfab3c6d4bce3f1de45ff2f52e8755d65031ed2

SHA256
b57c0fd79ea6951fa68d0c872e8f7925f6681e2561b7d8743641436fdd87a4c3

SHA512
621dced762cfa4acf31ab868888188e9ea93a4899074f296af8ea9f1acb5dc0892f86065387079c478dbbe735b305d6d49091420a77f1f0901a6cc19e3874d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
25KB

MD5
bae08b525c7735b3f542ea0536f453e8

SHA1
5092b6809a2d0ca78124c6c3fd41ea77b6df0192

SHA256
c4c9ff694ed8f9e8feef0a9a500e9e11288c9fe20ee0a79b5595187d0fbeb39b

SHA512
0c2accd2f28d2248729f31aa522d1a8b917a14979755f854f47f00149ac92b1d842d1d9e2628814a6ef26de1b0235d450f05b763565e27651fecbdca38831023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
936B

MD5
ec5b36593c8447e273a66c9ecc994bf5

SHA1
0413e6891dd8829d23caaa9455542032f69bc7d8

SHA256
8d6fc7bcd2c9dde56318e3f292cf72452e1cd29b31e9250064ad9ac9e29a2ad9

SHA512
4cf5ccdf11a2b8735caf8afb0f90a3b25df0689fe90157fbfaf59a6a7fd607329996568e06af2c59d64c231a6e8b6bea33fd1587e00f11b0ca4fc90f84c06e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
fc8fad23f8ea75ec26d9847c98f8a552

SHA1
324ff556786325c9e9c2c6cc5a8ea80d18ce6398

SHA256
f9fc65fbc0eb989adbd9e2ef9c726e04f40be60242a6933d945a40975f0b2b51

SHA512
1c0c11397b16617ba0a2976e5845a306bac296995d349accc3c5248f6bcf4a90d65a213b7d7aa6dc3d8ad41dc897664e065a1cb1d260b309c091792dddc3c84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
687fc5479537c7a9ec7bcd3919b38d53

SHA1
29a95ebed967ee81146839b4240d433e1d33e88d

SHA256
6ecb44f355c2467550161b13c64e0491c05c0647d3d2e86a7bf1612414e18808

SHA512
a43bea25b079717d4d62c6ed49c0836d278bbd45b7f9dd63c93575b07b8dff09932daccc2358d2759542f9672e087d815af8845eac119676d091bd7bac8396c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
49b1c7a5bd671e441f2ba80550cbf062

SHA1
0d28e1d5ec3e21c61b380cdb32993535a2374eca

SHA256
5111ac7ed3ea72c63788ebd171f1a2d09f1aa8749b53a8b53818614dd0067c13

SHA512
521ba3c2c9052bfb6cc444fe3625c0af4c99261fa64a74bc06597c7f213996a06b2db13f0bd28d1226f3e294446473c95ca320ae070bac987cff4684fc6c8f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
bc7916956a42a44753d754718e69cfb4

SHA1
c6fd1785a4e12a81167e6158f36c3e5a62afc5d4

SHA256
8f5dd596db13c0fc6abd237af58eb8bac1f435fc86570febb450447274d4e7a6

SHA512
06a2c62d33f731851247dc8acc6eb8d96e127ba7405ebf6b5b153c111c17a7a439ad8023682be97809dae5440f8dab69aa6f14abe3540219de00a87d0a461576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a22c02e3dc6cb8a676acb0fea6675c98

SHA1
d5d32a0a9373d21d56d60de65923c5c8d50533c3

SHA256
6fd27d0605cfc7db30b46dea99243af333eb76ec0e2d9b70f979d0b5de9c974b

SHA512
659c232fdaeacb7ab70752a61834a0128fc4f3438d0fb35402e3de2b214c3833b9fbcd875f755dc18b7266216d4472f8cd97cf36efb3c23f59d4a081b60506f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b869fa90c2634893ed55284efc4ae8da

SHA1
ff2d8606a6b19cc659fd27dd60fb780a5d57f6f1

SHA256
287f0e78c1d1e144f6557a66de62dcc60549d32b909b83363fa1faf27202e888

SHA512
db0ad40089551ca055667328420ca5191d6a9afcf4fa7302e26ce071cabe516d17b724f0626e38ab7754be855213271f8f101f952b530de9192bf7a2ce721338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1f1e848c9c9dcaa5c73c6af24693f2f3

SHA1
46d93fc736e4cb26b40f00ccfafc97a7c57723b2

SHA256
e55e01d49996fefb72705c10eba48e6231f3153a788a0c7872475113022ad3f2

SHA512
6c467d4d1c67bc1b66d013c5830de1d8bd491679aa98268dbae46053ea76b7acb850627c89c42f28590c08cd1f955c8f75431a17dea171c8d970433dfc44ecf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
57fe3c4e7d6aafadeb1ab9438ded57fc

SHA1
5096eba84892386510d7b6eac39c7c26bca8b72b

SHA256
e699f470490efbbc52d661fb85536bab2a46fc2cfc0373961fd6306d3c17efe2

SHA512
92deb9b70bdc642a029595210e258aef1677efd5051954b19c21519df34b9b9e1e7df871672cce0ca9dc1f3227e430eda22b94fbfca2df0ef85e4d7098532924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
5c7239db435ececf4e1b9d1d3c5a5b3b

SHA1
0e5a65795220cfd8547f75b4fc4c7789108087e6

SHA256
c6ae09444d16ab9ad6a34aa2ba51eb5cf8639c5d2781a94425744739b4924cf7

SHA512
6362f0d3434973ad8921d1f7953449255d2867aa5aa77bc6b07ccee97be6961c2ccc276c34d6f849f4b4c563bee85e520717b30967c215668417fb40a260750f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
785a0a2e52b17642303ab52d75dccec3

SHA1
dcfe1b20f0035533149a51014d88b733f449b602

SHA256
db53b6ebf26d082297a990a33103039e843214d05052a3b77bfa41c9ad023749

SHA512
5bdef106f7ac8227bb1b6267beddbafc15d37ff587aa0c56c7db22c1d6437a143a39d9dad4a408fbff7a2f640df475462498276f456fee80b36ec6d9ca539007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b0f2e0c15ec956e5df5d0c1430e49a20

SHA1
7ae6d3d1529dabc3f709cb4c75abc5f3d91fb563

SHA256
c39f163983d5258f444afed6ce28cbda7a0eaf230eafac4c16f7e0d4e117e363

SHA512
71ac54d96bfe80ac01c42a62a1142eee1877969be755324ecf7ae4aad17e556d686e974a3926a3afa4f5576d4204b2ec323cf629cecd2f0bb8642d2c2a90a4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b49ff67cc379206e9471f175191c9160

SHA1
a4d3383c3c7d9fc61f7f7267d361814d9ee7201f

SHA256
23be3bd68db60a48bba7e789678e54b46a3930b1008d763a75953d8b741fe860

SHA512
56376170333aaa89f3f35d9467dd45ab0eb8611859ebb0b3f9543b81fa3b128ef093af80c214eb08b1fe56d39c9368b71b298ee4e6a454d464d1a5c9169eabe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f5d00a894bfbceec2fab8c322a679fdf

SHA1
719076a4673820141dd4b096dd2ea542bcb5c3e1

SHA256
74da0e1fbab25dcc1fb0ae6d56f90226a601039895688d023241f4780123d7b6

SHA512
94d6e5cfaa4195d2ae14865e7203f83aa15b042f56d021c01f98241be7a4f0ff9ca38bee9cdb259df8d6fe23c9e557269868fbb94ef52f6cd599b0e50d6de76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
b604b1ed8dd9af605a81e3ad9f650177

SHA1
50b005a5b087c232e159c7981c56c8e4326be0a5

SHA256
bc30c5022e1de5ae72ed809f27ff2e99caa86af98e84ec9c962a2dc5fe25da56

SHA512
5e0fb45e4f5fbce910c00747706c9791de0caafcc451520b9af91b95357125c395e5dfbad320ca68d403ec61d230c7e85c5e9bf2704edc5ceb23c1d2e0834e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
9abcebc25837753f7f9f092324705b39

SHA1
4c48657acda8c59cf77f375ef56a83724ae9e0f1

SHA256
bc2e98b35de2fecfce7dcd5124f526f8fa26a535bf1ce97fe9176bc74b8d7f2b

SHA512
04f7ad3a01debe93b27504bc05547f517f66f872da290c694a6b237349cddd46ab7732f7c94ff7532a9e5e1e548f179a20b944c9b9ec5976a74dbfcb6f128b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bec82e318bddc469fdf0ba4e74ebbb2e

SHA1
2621e9769af0debbe8ae12e23f6fbd1228b5d6bf

SHA256
a6c547719365ff9a5d5ed98348718224e504dacbeafd50d8b4f54c616b652980

SHA512
072cf742987c7ba32e51b0bf1d0a420500c067876132a1bbdcfa50340756f6b4ef0a9ef6ea850eeadbdb8c6921868938ddbd4cc3377059ad113f529e68ed68cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
59ce2ad60ebc5bf09d4f60b3a64591c3

SHA1
0f631ccc7f0b95bc5e7016b97b86fd555f710bb0

SHA256
86060cca957c6b2915a2504cd64cd63ca3ac8d8e66b385e49101e321e6ca2bcf

SHA512
996862d2882972867af54aebdf28760147dc82158cccec9199df34a3e462c543bdd3eafff3fae75fd82c3d1db696492a9811cc7277be22f5021f5eb52f0e6239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
9113f58e60823b6e1679c3e73749ef00

SHA1
0e42c3377a07639a8d013d42ed1f480828ca3140

SHA256
71af1974fa5fb07a185d96e3a351b4227eaf67d94c211e3bb3443ed677db50a1

SHA512
9f3bee0844c07ac245eda8a3bd4dfacac3965e6e02eeabce87457553bcfce0a792166c4d14c04a2fefad6dc0811e434941b30b37414b33e860dc64729c036546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
01b2334db6f13c05d6315c631b908db3

SHA1
044c4105bec3aab55a0035e5684acf6e9472031b

SHA256
f0a4e86031506000ea405d3063fe854c73c88038f6b950b2b74add7a512ad0f9

SHA512
0e36090a0f131acce1139c0f5f9be02fac061e14b92a5444991b95b289f7c6ab017f0b08620be0c1cf01b6c914fc4e768469023147cdf972f594267f531f4ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
89f6d6b80a58f2dd67778e9a93a5fe7e

SHA1
168b6f172acf00d503317928c47606e7225be46f

SHA256
6ecf912688e7055c05828a4d990c1b1f53a713fdf55575ed7d19c797c48e2ce7

SHA512
56479c118825302dbf34e5385e637294cd153dd209833fcc2176b9486968bbb80e7628878fabe6e31a301fa18e0b00c71fb5061912cd896627b610fc415fc026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3b69b35cf93f579747157420fdb6e69b33a13cb7\b55376e8-9058-46f7-9f13-8db1f6e05099\index-dir\the-real-index

Filesize
72B

MD5
af8cafe1753114301c133dbdf10e20d2

SHA1
1b874c0e718bd22ca093068231d8fe446a245985

SHA256
e649b8cc2cffce94806417219f7bab05b9b4b3b9c9da89ed9cf29ad2af497b44

SHA512
7d0a7f217b31d3a3b5dc66dba0f341ed7f676c511fb648bb8a1b9acbda526dfb8f11a922f1d3dfecb3e32eac11b082cfe2be9b884c7488cd52d3334b56db27fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3b69b35cf93f579747157420fdb6e69b33a13cb7\b55376e8-9058-46f7-9f13-8db1f6e05099\index-dir\the-real-index~RFe606dc2.TMP

Filesize
48B

MD5
55db1ab59d7edb3806b497e98513d7d5

SHA1
20e3e6cf318d1cee58b65d9386faeb19f7fb4146

SHA256
5c3d37033e6b166c9b8e1b98e0fc570550abf84cbf9e7a6acdb92c6553a144da

SHA512
ade387d858c7c01a325a13dcd1f2642d1c2588eeb741007ac40d7ed9f6c0c555e01126cae8a39bd0e8006e56d73eeef2cd425e50edeaa1a261a97a995b9fb8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3b69b35cf93f579747157420fdb6e69b33a13cb7\index.txt

Filesize
131B

MD5
9d672d574a820194e452af334af322a5

SHA1
c6e2b1c5f035789b216a435e69c0a24a28fef88e

SHA256
fbf934656edad910e05f5eb2d8625cc459fde4b319e4d3a178c0a1b8a6b2b2fd

SHA512
03c52d0540424fd9a363516149ea7ebae0de732719e9e4752e5d4af9286be8373f170869378c486d4708e045734d08110d7b226e47fda31c45e74a4fa9d99d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3b69b35cf93f579747157420fdb6e69b33a13cb7\index.txt

Filesize
126B

MD5
277d7b195117b2490c0022428140b9b8

SHA1
f2cc278eee4f8b64cf0da7fa59dd7bb0df7eff51

SHA256
bb58dca81fc2655f64d46ab9225d78f8017eaca9f44af686a1a786442d2b0991

SHA512
266e132cb62210de1d08dbf30e10b9fcb13d4f3d14aec30707a79729f41b67948a0d410c66030463c4a0118e4a4fa404c25f90559a8f53ac0062975f9c4aba77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
4938a9ee43b84a89d7be871731faf6e9

SHA1
ff9e03530faca604584beee2df9df07b69228a36

SHA256
c306998554a547a535cad24fcda4b7aa6312a3f5088e9dbd96394f7697bbbb11

SHA512
4411f4d04b7462866580b238418a46f862bdcb43ac78178639a106c4aff5cf3b5d74ecb9da5b9c1826e47d025ad243d5c8772ea89f7a5cb269410b39d881fff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
06f72bc89fab01bf3ee0aff88febb968

SHA1
f3f16989f25fb9f60cc0996d2af7194936b585e6

SHA256
8daf6aed22d7ac811f2ea37802d659e343425c6e6c953d968eb0b335ae165c93

SHA512
a5d15224186da846c852f3816257804c78b1aac47470ff94ce26108e76e93900a808982f7fdaddf5fca627fb72aa4c78cf13a9dbf6a9a2d137b97a7f533eee6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe606c4b.TMP

Filesize
48B

MD5
934d522d3d81258095aaba443034f83a

SHA1
3a22604042575f436cfaebe10a237dc0f12b93cd

SHA256
890e199d3892b8fe55c8aac3d44460a1e0028e72021ffa9a504cf966188f881b

SHA512
7ee1837548b1e34b77ce0b06c3eb0301618af742115ff00d3d70db25aa4554b16844a66b0d8fa37f7cc3fd03bf5182326f94673d3c2967e224f4e139e592dbfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
fa9e3c60e693acc16f52ff961ac505b7

SHA1
101d6a092c4b7104dbf108c612f158b6c54dc8f1

SHA256
318be94de17e995a0c838b69fd40c3409e525cffba38124fbcdc76f91f37f51c

SHA512
0f2a714fbbcac8578349ed4b9b2ac0553b6d5127c8a2ea14080620c500efa7c861555880233b0c43e24c72dfc03229e644ab4847c17a3651baa3d67778dc6e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
09b1051f4217bd09961b321ade3e8a1e

SHA1
9c5dd04d40547ae0ef55cc213f23d48cb4f8d81a

SHA256
77ccef847f418dcc5800de2a147dd4fce844ac5ff5f9bdaaeb1f193098ba2784

SHA512
b3fab7e0003136626de338400b06077b269e5979d588c11c09c927267b4bf120843d5b710a63719bca8345b5c4aee9d10e8f941f3aecd7d54e06525b838f16af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
6a94883f3fd549145e9bf7a343942825

SHA1
87ec140a05194b7cf9533682b7969f94831f60f8

SHA256
99323d2ccd0bb7099497aa43341a779a0cae6cbd48cfc7a0abe41b00bc3c7e53

SHA512
9673740d21d0642bc7ce0d16be1eeed2edbd14fd3549bd944fda85c51ebf7480a036125cc06d48505f915c75e4323f7fe1d19f713700f13a985ae89b7a4ef5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
7f9b4d2261ce8eceb2f23c563b8085ff

SHA1
50d27eeaf9fcbecb08141bbf2317ff430d1ce747

SHA256
264de12e6657f39f5fc99f5ef5f427a513480a0890aac735dd30076551a674c7

SHA512
efebcd16e373081bcab20bacd9d9c48a45bd8e24f379e4809fe59bfb7455b8ba04a30187d6241d6a1ba34b2b3a5ea36d73c78e5090b1c2c7093212b6044d0878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9421894e600e19922cecbd4bde9516a

SHA1
888dc33c22c8c56e14f33b1010174176bf35f2da

SHA256
1946828197bddf812d262b2f462d8957c7cf4e90909364efa6bcd160bd846d7a

SHA512
1cd8cb1ff6371f4b9ed774866a4935cb50d4f99f2f520ff72e55b05045f78ee46d18d8b9b5e6be904fa3366d7124c2017544180274a77fb64c5dfb8c5e8bb4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7edf06e0f9760398193b52170350279f

SHA1
532e4dca6ed9a11e58274b8b28b9464d384108b8

SHA256
2cd67f4433088c71d9e5021afb76cb0246d2bc5f9edab6e8245c1c7dff9f3cef

SHA512
05e29020e50e3cde4b257fc833a16a83f7ca80f8cf75040733e60a3f2842be7f66cbfac5bdb2f8b942387fbe3c0a590685e945339799081c62a017cac1dfdd1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
387a78257db1871b5d0a0cb9c62d6c65

SHA1
b34400a9760d61e2414d2eaa13e9902a46878995

SHA256
e5e3a0495cfdab0908890949cbc7103eb5dc2c1b5a58ae181aa0e9b3242a8eb8

SHA512
375570f750a4eff69bc5ba0683899c2a23e43c562a2fb4735c1b1030658fbd00f4b6157666618189203c88f449c892f9f966b5b459ccc7cd6156ec2237255dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c95a66992a35351fa3b0cceaf8b3d627

SHA1
c898b83baabae944f68019b2ca707c9287dba098

SHA256
96f2b872d2b6e89a1a243dc8db97fcae39fbcb313571c493ad07c040892edef6

SHA512
e3fb25f5d6f454d4b4e59161e49c93f3a79613436b6ac800f7d6e4f5cf404987296e2863134e5b75b077ea7f14ffa77ddeb284ebeb40d253fde4e2b6398ad753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
dbfdbaaaf5171f004b80a5399dc1d675

SHA1
f7fec3a991c96efa4ee7f607ce7deed0d6f876d3

SHA256
d2fb2dde4634869dc66088e64f56902cd5e3e9c8e6f4ba5546a57b816cb1a03e

SHA512
cf53173b3d77507069ec1b5f3ba8649963be8102c69b9fac3ac5d1734d9af3c721e561079edde1b4145a0d3966212ff251d224469743ab9855a00ed954853b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
f45f2531d7cf91d30e5d609ded93e5f4

SHA1
73e41ed8ce4a86c18ce996a8061237624ccf4fa9

SHA256
8900ebeeca8f0eb76d4805ec35ecbd562fba004596cc3076737a5fd820dbc128

SHA512
67ae24454e830d0deaf3467a57fa5dd04a7c04d2d5e704800d8b88113ec24c406f70a8b1b88c562203370286753b8a777e66225f94f5ce71742289cc44669a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
08a773927fd9b4192c6443599431c01b

SHA1
3d5babbd1948e60605e26c51652a9d7be0a4e6f4

SHA256
cee9785f915115b14dee850a6e8b6d57a6a6b93c04bcb47a4c6ad23e0ea2830d

SHA512
f4a77482529815ea2674e2a5900d888f7e3058a2cca96ec5bd83bc3a124809cc83cc4b4f69500b8be6b46bb64ae8701869892778c3267417626e10f583e85de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
8c58af01993084221ad0f3d254117032

SHA1
d36d6d1d505eacb8cd2fea7cb60ae6affab58ca0

SHA256
b640b67c39ab2ea0c0c8ecf3b8c8daf5fc7a5e436a6db7445feb99e443947970

SHA512
3cbb7bd6f2104faf91b699784b81b413e7be72f316a257061d69d1a7db91fc4cd612e75149ed0ce84659a56bc9495afabb0b2f5cb1e6dcd0fbc47db7e42d13a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
12KB

MD5
aef236a608f8b3d13fb78ba0db690816

SHA1
9381bfe05c5b35701addfb8714461fa342f48d76

SHA256
ccf9b9edc841888cf717ec8772957e46ca9eca45ceb6fc848013fe1edba2e3d8

SHA512
ee08981196ef9536d95de67b780888d98bddff2e5b55a5d92dfb3530e48f965fc4fbbd0e293335af33c4336492316d8e1f3bf8edbde82ed8f82bbcf3ce096fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fd92195a5c4a7e5f4bdb5e927ec79fa

SHA1
f91c879cbac478933dcabda24c4aaae0d08ee226

SHA256
5d247d6d1fe4cc2960d032f92ef3063f616f9899e37a493f1484a575da765b84

SHA512
b8ed667f6f12c779656b3af2479a50bd38d696919f0c70a5154f596c9f46461806c2a4c4b1f5641807baea6b86ab61d4847440b34878e590e6067a5bbd2ec502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
58574eb47502a7a7ba5c6ebd32341916

SHA1
1f9914d1c5e998d69f9aaea8f37bbf493b8d9940

SHA256
86ccecdb6db4ae9d3ac7631f56ed576162e3c929313993814456d46c382a4354

SHA512
ea1512e60567cffd24ed311d7e91278bdafaf5f6364921f84b8135284290e3fcb61aef32b4d2d2f14b21a87ac875ad450dbf2f48a3c603a23112b91540662651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a87c9e2147a497fc7dd8b42e774b318c

SHA1
fdbf67b1ef18bac2d64be786d8ed15d759f82e4a

SHA256
3402463bd5372b44e1f5c0817e1a6df2320ee2098743cf4c286643c6d90e1d0f

SHA512
7f83632fc25b1c9dc93d059d15d0a556e65fe996514e0af77fd9a6dc995f42644c1add2d2924e29a9fad5a671b99b500a41caed55fbc17294a8aea809ded1852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
685462b2034c052ca28590310cdd8995

SHA1
6b84769ad078578171dd8fe2a8dc3581b83874fb

SHA256
3dde163311312f99690a7224e6eb150a2e74f6f535f9bcf5b61e5c0ece62869b

SHA512
fb65da01163daeb663adb9f71f8893213429fc531bbbb42d8d88e404f09aac6b3de56b9f9c2a36ae7120ccb930218e61591cffd1e2bc3084b4b341c9a1ef95d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b14a.TMP

Filesize
534B

MD5
27575ef9bfe201ae18724b02d7072b8b

SHA1
b28d94dbe74734f594c0d494fe05b85f7a98b0ae

SHA256
671391f67d20e36563a86f383a1cf486e96cfebd3f6d62bc250411698ffc6225

SHA512
6bd51f81601edfa68044ef3dae408ff8212cee179dba3853e3c25367fd92da1695851bcdcbbc617b85754d61924656b8a9facccc23419e3bdf1b2d0fe4e5a116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a9bbd113ca86fd05c6fe71ae12fc3f89

SHA1
e865754b4c9442c20b55c4255e1c4f7ef7917adf

SHA256
8fd7fc5651094c6a602dbc8a6fe443b78147c400052d1506135962d6ed33bd85

SHA512
091f2e1aa4b48fda9e89b1a320f23be9ca8152a0bf27417ce7d7f949763c843952facf714b7e63d47d47c44b03ff6d81c91e235e623c2fd29eeede13c14fbeb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e2b170dd62082b697bbbe9a4c012f2f3

SHA1
e0a998c1b7d333824f302f3ddda904811c5dc032

SHA256
fbb8180dbe05da7cd07b6e627527f2e73cb9e211895da3b60c4a07b42dbb8e1c

SHA512
33a4076bc7689ab7ea4def01f944e5f073b96ac14d4a49d474aab3400afd5170f299109dbb1cc65bda325e6f2ed58fff8239fec63369ea8e074791b21c7934a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
530f1fff5d4c999b2e4f602c3f6fd413

SHA1
54db4766999d6ccf94a99de9b331a56fc2c4c13d

SHA256
c44cadf0c302ee0fd3cce845872b088490f3c7ba57f86a157db75a9ad2f0a1be

SHA512
22efdc4a969ba0ca104979bdd22f3a22bea29a4ab199da540cc52a697e9761a85e7edeb72f8307e9d6e40c6b8ac819e793f8c238ae22f1bcb6d0c161b14283db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8be0e797af1e3c856f31800c44783be6

SHA1
ab09786f78e0cb749f61f164f4d510853c42f271

SHA256
c9e43ac622bb7989da03da2d29eb3204cf19ace4eae743621d12a5d061990b21

SHA512
a3bfe1244cf839477660b1b219159bf40d3308521e80cd41ede5abd692b72a60d3bd0600170d105d26300a0d829dc88ee74750f8872186a8aed35c4543784f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
53af66524deba094bad0c09143ceab39

SHA1
71036033cbc2ae34aa46424058c060796759468e

SHA256
d012f39af4931739fb42878c1fcc0674d138da2a8d0206f23a7e5a695417d110

SHA512
87ad339549cfe58f7ed9791d8a83ffc34e3edc31d199622293edee944571cc86f84f991e74723c4f38ea0aab3afee08cbf31dfe9ab0d7be25c3c6a4e94b61d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b346f32cf41e67080461f4463e6b2cfb

SHA1
7c32d9b0ef8cb86e44248eda6dda76a06683ea25

SHA256
14d89d2581981af3a04d3d346ed1afd7a93b9c954ddbe442e2f37ebd51d1ca5d

SHA512
d9ea648ead63456cbdc1593c3b75576223fda6ebe52b348054a90f4e580909089b9eec99db020fa271e865dcad04b722f63b1c324ca7ba565c0175ac079ae2b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e47c89906d742e8186b3c2cdcb345612

SHA1
f50559c53a5ae3d2394b2cae3fccd128f2aaa93c

SHA256
610da6c2df6e5a3b3e1e7f4f9ee29f1e62e3cde50382302bf448da3cf7c7bf52

SHA512
dd172cdf1eb50edce4327c97030d12d1a3061a9cb5aa5f66c66f4f57a5ef6f15b526a89c4997340677fbd2d3bcadfaa776adf973efed97c875f6749d6e219cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d7bfb3245b89055bd9a2cc5caaf4005c

SHA1
0ecdf582f79b4f60fdfffbf192d2a2c8c12e20e5

SHA256
e4f33e31d561f974a5c1d9524c96805bc71e3861fa8123e23cd2df309f67141c

SHA512
c736c18b116200da6447979e18731e29cf0933515599203f3d99ed9f4e48701b9f6856f8720ce32cbdbe3e7995e3ceeab3f176693b8e9b366824096a37072c0e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\50F42BDCC7D85CAC32D1F2CAA0225E3B0185E114

Filesize
207KB

MD5
d9b8b614223d4a6f464eb0aac0e26f84

SHA1
de6e1d1e702f4143a250c413a0c227b8cdde3e05

SHA256
7490d3b28726c51b66efebe907ffd73cfecfd188ae772aa98803ac10d51bb296

SHA512
64ccf879afa2330e77391279ca082ce270dd5ad2859ab3b7b2551a160455ada4f491255cb3f5a3ab399f8f7160f51e74d7dc6e3d60073a9a3dc561b6ea6c4d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
afe19b551bef3007e6c67af7a3c726ef

SHA1
4f105cd2f045a0b107a58127b75e7818b430c3ae

SHA256
0685c3054bbc59a1b1502257d0dafdf4dec22f0965ada2ea88939b4f729b795c

SHA512
3d379fdf8f7d24a0032cdc89d68f8c9f4450f19b1ad36d870708a1e70bbdca1dc18ea2fa9710e25b5bcb757e23dd535b35e0212fb3b64055183930035feff01b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sadep3ic.gdy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5ba71a\Load.html

Filesize
2KB

MD5
1757c2d0841f85052f85d8d3cd03a827

SHA1
801b085330505bad85e7a5af69e6d15d962a7c3a

SHA256
3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35

SHA512
4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5ba71a\common\js\common.js

Filesize
45KB

MD5
87daf84c22986fa441a388490e2ed220

SHA1
4eede8fb28a52e124261d8f3b10e6a40e89e5543

SHA256
787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23

SHA512
af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5ba71a\common\js\external.js

Filesize
36B

MD5
140918feded87fe0a5563a4080071258

SHA1
9a45488c130eba3a9279393d27d4a81080d9b96a

SHA256
25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6

SHA512
56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5ba71a\common\js\jquery-1.11.2.min.js

Filesize
93KB

MD5
5790ead7ad3ba27397aedfa3d263b867

SHA1
8130544c215fe5d1ec081d83461bf4a711e74882

SHA256
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

SHA512
781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5ba71a\config\config.js

Filesize
5KB

MD5
34f8eb4ea7d667d961dccfa7cfd8d194

SHA1
80ca002efed52a92daeed1477f40c437a6541a07

SHA256
30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d

SHA512
b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5ba71a\config\installparams.js

Filesize
560B

MD5
f6e3d08315994162f59367d68fcd86d5

SHA1
7e3a572f8e906c46f1e70270a6507bd16fa7e092

SHA256
fd3dc29b3696af7c0a09fc4afedef9648fe62a7852b877bc740b0a5a2155e925

SHA512
fef0ee7aaf4379cd688096e24bd3275289638fb1fc99e4c8ee589e7034d86794f4bba1facc26ab32cac5c52f60fa718295400d19713a57470ba0d3b6761cf5a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5ba71a\config\stubparams.js

Filesize
37KB

MD5
91f6304d426d676ec9365c3e1ff249d5

SHA1
05a3456160862fbaf5b4a96aeb43c722e0a148da

SHA256
823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b

SHA512
530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5df7e0\winzip28-bing.exe:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5df89b\common\css\jquery-ui.css

Filesize
20KB

MD5
1ce4eb3e5153f4c9b93a3cfdf3ef2e77

SHA1
03b04e1e31c9c355e7caf71ba0ecb12e741d9aea

SHA256
95f4c300d84eedd0c43a30a1b6f0dfbbf7b8c47725511981e4cfe12dfaeb0e93

SHA512
75b272ef0d474be75aa19226a60a9c6d0370cfbd40276a274460391dbbe0350c17849aa21f375e46bacb7cf7cb3052be5862569f5a196e15b8ca49baa82436a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5df89b\config\installerlist.js

Filesize
2KB

MD5
f90f74ad5b513b0c863f2a5d1c381c0b

SHA1
7ef91f2c0a7383bd4e76fd38c8dd2467abb41db7

SHA256
df2f68a1db705dc49b25faf1c04d69e84e214142389898110f6abb821a980dcc

SHA512
4e95032c4d3dbd5c5531d96a0e4c4688c4205255566a775679c5187422762a17cbca3e4b0068918dbf5e9bf148fc8594f8b747930e0634d10cc710bea9e6ff5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5df89b\pages\Initialization\features.js

Filesize
506B

MD5
7e20d80564b5d02568a8c9f00868b863

SHA1
15391f96e1b003f3c790a460965ebce9fce40b8a

SHA256
cba5152c525188a27394b48761362a9e119ef3d79761358a1e42c879c2fe08cc

SHA512
74d333f518cabb97a84aab98fbc72da9ce07dd74d8aab877e749815c17c1b836db63061b7ac5928dc0bb3ffd54f9a1d14b8be7ed3a1ba7b86ee1776f82ba78e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5df89b\pages\Initialization\page.html

Filesize
2KB

MD5
b23411777957312ec2a28cf8da6bcb4a

SHA1
6dd3bdf8be0abb5cb8bf63a35de95c8304f5e7c7

SHA256
4d0bdf44125e8be91eecaba44c9b965be9b0d2cb8897f3f35e94f2a74912f074

SHA512
e520b4096949a6d7648c197a57f8ce5462adb2cc260ccac712e5b939e7d259f1eee0dfc782959f3ea689befce99cddf38b56a2cc140566870b045114e9b240dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\e5df89b\pages\Initialization\page.js

Filesize
2KB

MD5
50c3c85a9b0a5a57c534c48763f9d17e

SHA1
0455f60e056146082fd36d4aafe24fdbb61e2611

SHA256
0135163476d0eb025e0b26e9d6b673730b76b61d3fd7c8ffcd064fc2c0c0682a

SHA512
01fb800963516fd5b9f59a73e397f80daba1065c3d7186891523162b08559e93abf936f154fc84191bbadec0fa947d54b5b74c6981cebc987c8e90f83ddf22c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh6C3C.tmp\image.gif

Filesize
997B

MD5
1636218c14c357455b5c872982e2a047

SHA1
21fbd1308af7ad25352667583a8dc340b0847dbc

SHA256
9b8b6285bf65f086e08701eee04e57f2586e973a49c5a38660c9c6502a807045

SHA512
837fa6bcbe69a3728f5cb4c25c35c1d13e84b11232fc5279a91f21341892ad0e36003d86962c8ab1a056d3beeb2652c754d51d6ec7eee0e0ebfe19cd93fb5cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh6C3C.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7535.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx6C9A.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx6C9A.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx6C9A.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f5d794303bfbbffe003dab518c8e3050

SHA1
786e2ee96ffd3eba01f32e2a041abc01683fa2fa

SHA256
e9474169cfe12408a697739010cbe1ca251f7d6712f3500c3fa6e89e7e6b86e8

SHA512
689a4f510047d2abb058ea014607059463ec3531fde4aaa2817ec5edf483a717249cf5f2fc1b199e55e91edac4d5fdf3284ab1c17820ce2e716ea586859dc012

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\1dfccc2d-97ed-40f7-a7bc-93325eb6c89e

Filesize
746B

MD5
497ec686049dfa761ba7f1d704fd657d

SHA1
5d8b75113602d82a3f20e8b5f5a9d501e5ec6a98

SHA256
defc4377b1a1cc0386e635dba39d05de4c554ea3b5a8d16b07de764ac6aa45d0

SHA512
3e4e75a54b48c0df273908a7569cfe6851ba747a3129689ca7384d6f6351f03941cc48f3e29f4f450fcb2b9f328f52a97a1b57bf8d71641b793fb4c6cd510fce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\6f3eba4d-e072-43ff-8d2c-a794ae9189ff

Filesize
11KB

MD5
9a46ffc02047fb2afff59f52035a9702

SHA1
049f436acc492930c9b72d387a1e2cba893f1aca

SHA256
33ba2197b6009505c5879a5fbb6963074795801493ce3258e937b4c975c04120

SHA512
b2d8eebf989d922c24755d7e25b8d453e6ab7aa092c702ffdf4dd21e5774dd2ade000291af5dd669156887d9769189bf7bc3fc3e1d59fb08a4fb8279a70d3288

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

Filesize
6KB

MD5
c31d879026758c87e7465fc6c362fffb

SHA1
a68b8d6e42e9f8e16a6f96f8286e6e29e5ede453

SHA256
f6e6b10f8bb13f0cbb2c1517dff8d16bc8ed9c57ff9fadd9e6333dcbdb8d21e4

SHA512
82412735aee8e418e88f03143621a87cd52dd3eb09d2840314f5b9bea975119a4b2c0f36739aeaf4d613e3fd7f95508293752a04e0c60c1fb39b1faadd944cca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

Filesize
6KB

MD5
97f10eed2a1f4a048f66e224f316aa52

SHA1
f1abd62efb411a3a7d23263da2395613d99fb432

SHA256
1236aafd9b426fa5bbad4de60e36c5d700abf1f31293138464271cd5b791a3ec

SHA512
1a9e3cde876b15f7600184db8d1450efb5c29cac981a3233c6b7a9d6d9459dde31e004f3adc8dab04f0c343ca3d24d43a164a33ac251f4567467529e930f3bde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

Filesize
6KB

MD5
5f6bb362df0bbceca52232bc07586cf4

SHA1
be7ee0d3f30aa4c759c2928311af3608389d8609

SHA256
c0811603429a6907943e1e57003449a6ba7c31c25f0b9f49edb7ca5c093688b8

SHA512
e1c26e9ac098152b6328b5770f14afdcfecb1345d9981aff69173a54887d26528524357602b3f53c94d7d25a411a71e55c793f419721c33bf795c860b4c05026

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

Filesize
6KB

MD5
c02f1aa0f31e92319b37e276f804d6a7

SHA1
5ef5ecb52697d7534939474f0b645475831770a2

SHA256
5fe7a460565ba743b2f9d83e52dc487c7fe8136fcc18adac1f0f94f6aa750a87

SHA512
71959c1a659eafc8d690db37dedd8321e4001d9322d03c0b59bb02cbc1e9c2e5c6a5c43ff227c7114a8f564705dc030c42a6589f2fc38f05dcece4c50dfd9d12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
40c62f0494565a65f62f223366f7fa45

SHA1
8bdff9f262702a1d77f86090431f1ff49b165f0f

SHA256
59ff506f0d73c79f316011d80bd14d968255a5974f78f5caa3d8b6ae09196cb0

SHA512
5227fedf569dc0293c3584ede1dd8e2d73218e7feaed382e0b282fa973f57e3d722a68bd359d87990c2b59feb5c955f4ef4cb572fac2d52fcf20d8309e778b9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a660dc02cd474b9a541eba0e751ae0c1

SHA1
5c96f8207591003153c0883a2c3c168f898977de

SHA256
eb02897603e15b9243cd6e3bd816f376094d4165e34b79e34e598a7b220fa8a4

SHA512
b2bb80aae23e32031910f57749857fd48c44b63e4d49c7b1fb09c4b8709bf731ef89dcae4fc95c2480dcddbd6564d56bb924fada31705e11617341e8206f962d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
3d37af0481d6cc2b56892828a8d760f3

SHA1
25e549aae72b1d23ff0472b193f801012952003f

SHA256
6cc147fca744f62367604555e9f84e04713d17157cbc7d0f8c180069a93f60fa

SHA512
ac7a2c836fdf5ac417217f82a307c1b0231b734460b6b560cce629a5541731e2c83f5afc4cd9fb4bf3ee099241db8ac80e0a0935443787086d3f4589caff3d68

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
175KB

MD5
a56b5795298c500baa7c409638e8ce08

SHA1
9a720cb630ea317f8b4d2b0dc15880d0026646f4

SHA256
baa050f8ae914df8022571017e2d7b65e7d53f0d3d4037c30ffd67780b2f5779

SHA512
b47583a1011e87a035dca78fd7b1d6de2c0b6517818f18c90aa40147239cd1e3884479db9a000c5bfdb9509cb08c46a3fc8c62ec9024f1345afb235e859030d7

Download Submit
C:\Users\Admin\Downloads\ZOD-master.zip

Filesize
41KB

MD5
ae6438a5a41352e5b7b37918259bea69

SHA1
684f4e642980875422c1e666ee349d9aee5c337f

SHA256
d53a7858a392b314ef7e63d5d8d2f7fa8b6067dc0b9cc926adf219c0c4c0b768

SHA512
28b14be2cadcc3d37afd2a501e553bb5d8df42cb376609c587348a2bfd3eab35e81b76ff2f61b1951a606739834eda607f9dc4334ea60f00bb806edb269c9784

Download Submit
C:\Users\Admin\Downloads\winzip28-bing.exe

Filesize
2.8MB

MD5
9149ff02169b61ea12112c4f43a5cb75

SHA1
07e50a05b858416e9b0ab549b4e382846749d191

SHA256
063d60b802a05586969c8b4cfb6838f20f9eecfd8c5104ac52c086d4ac98b4fb

SHA512
edf24cee0f6d2752b1ca8923e2a465a3d4750dce060122fd443f7afa2a7783fdee02416eb11ad460a5e2b63b63b7cf64997deb02d63027355f49766eceb5a3de

Download Submit
C:\Users\Admin\lll\Temp\tempPOSTResponse

Filesize
123B

MD5
a74ba6ba5b21dd9f1dc8a06462cdf2e8

SHA1
685710ace1a5dc374613675a5dcd718bcbe1d4a1

SHA256
c8d7b68b0ebbdd9999ff19ee0edda70cb2f21294b77c4554962d24b047d3a439

SHA512
beaff11bdf0c94e1e44c43cbf1fa698aea3e3de910117c3d2c6a263590731dc33bc45198b47df10606102b89c20b6a4215215e1a7775085038a3c32793a0805c

Download Submit
C:\Windows\Temp\SDIAG_e2fe3897-bb2f-436f-a71c-526918ef76d1\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_e2fe3897-bb2f-436f-a71c-526918ef76d1\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
memory/1056-3711-0x000001AC29840000-0x000001AC29841000-memory.dmp

Filesize
4KB

Download
memory/2404-1777-0x0000024FEFD40000-0x0000024FEFD50000-memory.dmp

Filesize
64KB

Download
memory/2404-1825-0x0000024FF8080000-0x0000024FF8081000-memory.dmp

Filesize
4KB

Download
memory/2404-1796-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/2404-1794-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/2404-1793-0x0000024FF8300000-0x0000024FF8301000-memory.dmp

Filesize
4KB

Download
memory/2404-1797-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/2404-1798-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/2404-1829-0x0000024FF81A0000-0x0000024FF81A1000-memory.dmp

Filesize
4KB

Download
memory/2404-1799-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/2404-1828-0x0000024FF8090000-0x0000024FF8091000-memory.dmp

Filesize
4KB

Download
memory/2404-1827-0x0000024FF8090000-0x0000024FF8091000-memory.dmp

Filesize
4KB

Download
memory/2404-1800-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/2404-1813-0x0000024FF7E80000-0x0000024FF7E81000-memory.dmp

Filesize
4KB

Download
memory/2404-1810-0x0000024FF7F40000-0x0000024FF7F41000-memory.dmp

Filesize
4KB

Download
memory/2404-1807-0x0000024FF7F50000-0x0000024FF7F51000-memory.dmp

Filesize
4KB

Download
memory/2404-1805-0x0000024FF7F40000-0x0000024FF7F41000-memory.dmp

Filesize
4KB

Download
memory/2404-1761-0x0000024FEFC40000-0x0000024FEFC50000-memory.dmp

Filesize
64KB

Download
memory/2404-1804-0x0000024FF7F50000-0x0000024FF7F51000-memory.dmp

Filesize
4KB

Download
memory/2404-1803-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/2404-1795-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/2404-1802-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/2404-1801-0x0000024FF8330000-0x0000024FF8331000-memory.dmp

Filesize
4KB

Download
memory/5672-3161-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/5672-3163-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/5672-3154-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/5672-3155-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/5672-3162-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/5672-3160-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/5672-3159-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/5672-3153-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/5672-3165-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/5672-3164-0x000001BD116A0000-0x000001BD116A1000-memory.dmp

Filesize
4KB

Download
memory/7784-4245-0x00007FFBFEA70000-0x00007FFBFF531000-memory.dmp

Filesize
10.8MB

Download
memory/7784-4201-0x000002AB10720000-0x000002AB10730000-memory.dmp

Filesize
64KB

Download
memory/7784-4200-0x000002AB290F0000-0x000002AB29112000-memory.dmp

Filesize
136KB

Download
memory/7784-4190-0x000002AB10720000-0x000002AB10730000-memory.dmp

Filesize
64KB

Download
memory/7784-4189-0x00007FFBFEA70000-0x00007FFBFF531000-memory.dmp

Filesize
10.8MB

Download