7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Size

3.0MB
MD5

122fda5a9401ae7329c87d447fce3eb0
SHA1

d7b8fa31e2b78f996136cfff686a8f3d3bd973d5
SHA256

7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c
SHA512

daa78ee4ed316968e9dbf34c11cb885e471dfbe255f16ac129de5df74e2f84bf9ff2dd9c18dfe9eeaa905d7eb6edd294b7f24503129441015f1db2a58ad65ea1
SSDEEP

49152:vZnCRw3438x0TVDKNxOafuUYUc9no2IWkAyf1CQ+v5XxCv6Pxn:vARw3UJKHOa/Xffs0S5n

Score

7^/10

evasion trojan upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2148-0-0x00000000001A0000-0x0000000000B65000-memory.dmp	upx
behavioral2/memory/2148-147-0x00000000001A0000-0x0000000000B65000-memory.dmp	upx
behavioral2/memory/2148-359-0x00000000001A0000-0x0000000000B65000-memory.dmp	upx
behavioral2/memory/2148-447-0x00000000001A0000-0x0000000000B65000-memory.dmp	upx
behavioral2/memory/2148-469-0x00000000001A0000-0x0000000000B65000-memory.dmp	upx
behavioral2/memory/2148-709-0x00000000001A0000-0x0000000000B65000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

Drops file in Program Files directory 64 IoCs

Processes:

msedgewebview2.exemsedgewebview2.exe

description	ioc	process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1051130289\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_943097754\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_849533986\kp_pinslist.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-pt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1051130289\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_849533986\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-te.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_943097754\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5108_60289054\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1745388681\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1745388681\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-gu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-tk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1051130289\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1745388681\metadata.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5108_1268808202\Microsoft.CognitiveServices.Speech.core.dll	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5108_1146134834\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5108_1146134834\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1989481904\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-be.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_943097754\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-et.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-cu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1989481904\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-da.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_849533986\crs.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1745388681\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5108_1268808202\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-es.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_849533986\ct_config.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-or.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5108_1268808202\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5108_60289054\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5108_1146134834\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_849533986\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-as.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-la.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5108_60289054\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-de-1996.hyb	msedgewebview2.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exemsedgewebview2.exe7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe = "11001"	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\85E2C5B0D9CFF505363FA62A5E8B8C1D76A60B46	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\85E2C5B0D9CFF505363FA62A5E8B8C1D76A60B46\Blob = 03000000010000001400000085e2c5b0d9cff505363fa62a5e8b8c1d76a60b462000000001000000bc050000308205b8308203a0a003020102020426c66cd0300d06092a864886f70d01010d0500308185310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f6779311b301906035504030c1241646f626520526f6f742043412031302d333020170d3138303831373137333831395a180f32303638303830343137333831395a30818e310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793124302206035504030c1b41646f626520496e7465726d6564696174652043412031302d313930820222300d06092a864886f70d01010105000382020f003082020a0282020100b533b875034a0e7563110700e026d838b4ed1369ee54d6db09ebf764a4778ef8a7dc7dfba9386a78e61be8ff8722d2ca1535cc02c111f9fae54fdc09698d22d9d936b3133aab757b596a1c093cf3559f351d3f10dc44fb0f9787e1f685e83dc775c74d0e563f1509071a1d4bcd919d0b9ebaf925867a85e7e5b9b13040760dfbe2a9bd70e028963dd69631e9cf2f5ca3a6634ac8bfe2dae5cde9df35e935b4f88a17fc78786052badf6e5a378e34a16d16ec7eeb69bf0917fd7210ae129ae2b5f3473e28ea73e25e81176229f0ad99b74069cf6c30413ab85d86f7fec519e01806a928cf2e5ea9c9aae9f57a60401e76313fd017bbe23541b455da6c7d49e39f6b451a67ea2160056781067c489526d297410ac05e87fbeca66d75bda1eaeec9652891598957f4c19fb53ec491b1d600d1ad75d7c164d613ba6ce275682f44399515c247d11d72dc440fd800225a13ae8d16494eaa9f1f82120d2f51243683d2aa62cdcf5be075720b7d566eadb5e46ee3299b43296a49bf3fbe2e672e72e42e7918e608466028de4f215cd362cfd921200ff946168717d09af99095950812f5a4de4073e2c5697a318b9eb51a585a36e74dbd8fb7277c8aeb7ddd42ffbeb32c181f9edaddc1480b95f16e7ea37d0dab3f2f5009d570aa4624b66a7017c75f1caa7c544e15def0c6e6cf6a4f26312b68f633b7a5a4203c97e77a32141e7cf4970203010001a3233021300e0603551d0f0101ff040403020204300f0603551d130101ff040530030101ff300d06092a864886f70d01010d050003820201005bd66c82ca184490136b886ef3b5f5b6866768c8cfd13f701025aeb8dc8b7b4539c071032663327f1b55d773e062ea01551038bc12895b4a760a23ec0ef1e24c1d25649b12dad880b576a952ba1f9d1ed0c5bdf45e8a9f9465c091e22ff7165912fba642b3e2979897339ab2ae511615d3e20b27e3e60e13fe188c7c7119f14029ccfaf1e9fef5c7e53ce1c0d1cfcb8507131c446af5b7f67b701e1ee4151cadd14048737cf0ec86f8964d75b8509bf07a984441641622568d5ea1b9124101db76c578bee86acdb651a90b5c3abdab541f3a41e82cbfc0d30319e1975924540a71e8d1a3603caade3cefcf0b362b62fa09efe97827276b0b79f58553136c89aa72a9f3f7fdaa87e5789978abe6af28c04f7d673954594329ace012159c5ee6b2cb43b55f507e0e0f68233e8a3c6fe13a2cb23b4f38ddecaeae21e99bd6e152793ad59b8286256ede041654cb8a7c069d773868f8bddea44fccdcfc4c0cfec6f9357093024d88519a40bdb3b77b0988051418fcba0a67c5caabc66f21d094e5d612dd7f951291892a4f8ef35efdb2c9d940fcbddfdb75d19b1b215a36dec147c9d716bb4a06047e90d0d0fad64a56f24a6b650843d5cdd2aba7e8894b4693d775aebc8d65063d1813b0be5c9c6357c43be7aea9b3b6021935acc2b8f38746aeab5eaa06f447be0cfff20b38811e273023cd035f14ad3a7babee646909282cc3ef	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\A5C8D928986EC17FCC7D5F2353885D1709B73A29	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\A5C8D928986EC17FCC7D5F2353885D1709B73A29\Blob = 030000000100000014000000a5c8d928986ec17fcc7d5f2353885d1709b73a292000000001000000bc050000308205b8308203a0a00302010202047ce3bf47300d06092a864886f70d01010d0500308185310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f6779311b301906035504030c1241646f626520526f6f742043412031302d333020170d3138303831373137333831355a180f32303638303830343137333831355a30818e310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793124302206035504030c1b41646f626520496e7465726d6564696174652043412031302d313530820222300d06092a864886f70d01010105000382020f003082020a0282020100a0e7345276469020a420dfb0569684d7adf0f493a0a0a53742c25e1bf39a91a481ae07efcf40586a5b42a776dad12710078884bfcb2c3af2bdd70b4301490e58de99cb28b1dc5befd617dadfc34c653d9ef643ff6fd9069cb2ad740ebf1abc42c9fabb8a65cd0d76e9b0b64c77ec0e9350da1ba5f3aabbad9e076e2aebb3af34809dd50bb29cb26577536791a0c672c843fd11a60ce5aa99e0ac5ff81819ab8d4306e790040b6d9d4eb9e37b88d9bdfd8271ee8ba557aff9ec66da32c1f483cc84e0e9af352f5fd083e0933047a13529568e22491266b576b50af641676031593285135758d3f86467159b00ff3662b885dc7a331a1b658c42ae8e76101a67abf22002b4ccf330b966d05f63a91870ef56916ff131a0b8737e111413bc3620c593d5c1452012ec77d77b99240ab972c2fd0d20474bb9c63f1053cfded7de55d57e2d735ac280e1faa8f8af095fb29d5b03b7e45ff8c6d1a7c052e0854418d27c9adb3e40032000e988fd8f6f556bd956e85eed4e7c4d1916c4fc090c27e6b1a3bdaadf8eda48c81b212feee1f1b97ebe4b2ed98b49662c101efdb212720d73a7a432af6d816c7997a5485dae77209f060718e50c524d089750a51bfab47e04fccbf04017762c3597fa5b52b2394b7159053034065e17c184c25736ac793c6e2b25e04d59dc1fe74f9e338c719573d6d6b4b29ea7adbc259e5d4fb4d0fa89a92b0203010001a3233021300e0603551d0f0101ff040403020204300f0603551d130101ff040530030101ff300d06092a864886f70d01010d05000382020100501c3b74f2e4857d8171cffe355895c8241c0590b0f5a81321aad9b328916dc68479ed41c47396336cae923db8c14276504c81f99ee5d961fae32ea75fa707717fe6d3a0cdea05bd40c1d69f21a619b09209f09be929c02125020d7eb9e94670ef57bc02080be6718832fd9f5e7fbfd1bd75c278665582452f66a282d7bcb7936bc336ff64ab06a4a5f12f4a4592dd13ac944fc5a2dd8b084fa429d2eecc10fd7e9a5be17b8c235a12c3e48e0df101837bcd4563cac3e02d7b93e172847881db7ed7e3c01e5e426fe51ee67262154daba09ea358bd10e8d10a9028e6dded33fa8c0b5e5e88d751a73bc68cbd30ebed017024affcc1a3942010531a398ea8120158d78c214e813d6023ec021e80967de3131284f80d0650b1a068d7c5e2bf7f8e019c70db26ee5f0d1719240c7a06c66344d95749b73aff74d6471d97297a248370f30b76d15d576e24fc4f2ac5960eb03d44d9fd145415eb99960802ff81c17439d9594187ffeb98e6e6f1ec11b44fb24eaadfcc1e9107e03eafb42bc717d3a0db4a73c66f0a22c7924a400b02742ea8609051927fac69131dba15df08d152e226764f30438bdb422a895c7d0e60b1da26370806914e4cc1dac1777385d470c81292d597def9c7bbdbca6ed5d8a36cbd97c159590fd075b93c32a22e2405fad8c239b66cdc016e3ffe13c191065ecfefcabdaac7164846611cf24ac9506e7af7	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\SystemCertificates\AdobeCertStore	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\CTLs	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\686DF0A4A89F7CB6BFB4D33C6A48E2EE5FB6C4FB\Blob = 030000000100000014000000686df0a4a89f7cb6bfb4d33c6a48e2ee5fb6c4fb2000000001000000c3050000308205bf308203a7a003020102020401cfbd1c300d06092a864886f70d01010d050030818e310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793124302206035504030c1b41646f626520496e7465726d6564696174652043412031302d3139301e170d3233303830373135313132375a170d3330303830353135313132355a308191310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793127302506035504030c1e41646f626520436f6e74656e742043657274696669636174652031302d3830820222300d06092a864886f70d01010105000382020f003082020a0282020100d119f9b8d2d41d892abf9f1f3cd1f947141b9867e9be6d96e479c74c87e42f61f5b927bccb7caebe27b26465b8e2f1118c2041980b88d7f559b8f9d041110e19f29ce5033fe9b8184d47982257e97d1b62744521bc329a7861a2376eeb8f3248eb031a7b43b1f22174fcc3c642033770137cad8329b240970127edd3030d9a69af242fc7405b5867d0f5950bb0b79f702e84180ee43ca21f46adce07ad014f5cfd7be25e735eb0431889bcce40a4e94791fca5a65da24838d189b85218c9961eb1bce8db4cb2ffc7a2c3419788e68098350cacc6aa61dfb3d8476454927f9ab767037a84ed4e39862b3f386a065b169403259617150679e34af188035d8bebd9f4f22544cbf81f0d0516799d39a17a56c12e5c151945d65084367647c6f6a78ade46f7bcc0b8aca7d8abfe3eb34ab2d1fb7800a98da86c8da956b267e309634d55ff7f6570f9b926bd602d4a94e77c662d1479c576b972d87bb35ea634b5f676774d40e04a0a908948c269c7dc71778ed5d15d9b8f4519ee858bc273a49afc7a206afd97286716b832e64154a074305d7bbcb7f2205017d1ed5ca6e42edc6d35fabc88dd188028b15e5aa5296e12c03486a80a6e3cb0c001e4742b1edf02fa70c2ebdcbec606480054fc467729e99d1eb80bee04b36fb17c722068079146fde54b06c3ec5c4bafaf113d2000ef36aebe8454560e81d0cf982a798bae3c39cd430203010001a320301e300e0603551d0f0101ff040403020780300c0603551d130101ff04023000300d06092a864886f70d01010d050003820201006bf0137ee63d74f0df4ee19376625ac33574898a025b764e9bd69f8c7d9fa1c7f9b58f0355f206cab84927d626275a8fd0d1c6a3b9a7811b361a68523ad86199ec1188922ce525246bfef1b4dd23eb5b8ee0894d4495ceb1c0f27bca3812c7c02432f9a693c7a331c53162a76c687c0ff60b31389a0e11f9da1fd8ceae91ff671222083643e0a7c0b97f170ab051856ab58c8b3278d16753cfaac05cec9a08c0fcc2e993aaea79225d70e9ec8bfb53c93be8915b2026a35bf05d3c9e5e417fabc5648d9fd8f153e8787f1e3cdd637fe2abd8c8a5d1c9171c342e588a77ff2739dc6b88c79dc933dedf535c496ba652a184b6b65b831aa7706251494108d58f8565624e37a343696f2e42c029333dab8b1a9e34bda64b58546906e9bd3f0d67f3cb830e8b6bf3b01f653c938da93b53a6878a14fe75550b546d580fa40f0e6e6fac25113513f48c9fc79b27689b906afd59d11abbdf4fde466d2a93431606db3938d9e9f7505d1a0cd91e4f116a2f3e1837ba0c1ab0cc74724916a65d9b2c09b00eef96bda7156f789449923371b5aac2a6728b0b3e71ac656ebc820bad65977cebaf56611c8d322c78af95c5dc1c2e56d95eca6efb5664010860dd6c82faf60a9cd493eecc6b013449633928d96bb0d38f28f838564db989958ecfd5325fa51f8ec4148545c5a94705beb7200b427f978959cc7a031fe58f7e2f42ad48e3bb82	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\4C7C2E87F0BC79A039D39B05F899A1CC521FDE99	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates\4C7C2E87F0BC79A039D39B05F899A1CC521FDE99\Blob = 0300000001000000140000004c7c2e87f0bc79a039d39b05f899a1cc521fde992000000001000000c3050000308205bf308203a7a00302010202046e271780300d06092a864886f70d01010d050030818e310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793124302206035504030c1b41646f626520496e7465726d6564696174652043412031302d3135301e170d3233303830373133343834335a170d3330303830353133343834315a308191310b30090603550406130255533113301106035504080c0a43616c69666f726e69613111300f06035504070c0853616e204a6f736531163014060355040a0c0d41646f62652053797374656d7331193017060355040b0c10436c6f756420546563686e6f6c6f67793127302506035504030c1e41646f626520436f6e74656e742043657274696669636174652031302d3730820222300d06092a864886f70d01010105000382020f003082020a0282020100ad280d5cfb35f4129a580996209e83cd117cab917f7f8b85e353c39899fa07bc7050077db622fe4b43c477c0abb8325a1ee90f76416e2af5cb76ed9ccec153694c6add14358e1c5c45d32db721654781ba134e981ae3b21d56fe739afd397db8101fa65554ad67d9b808d45487d9913bd7cf30e094a948546da75f51395ab7b0f122244976683d87ce6797aaea3d5ee468553fc658b2b9530e33e2aa418950458d4147270f8773e3d93da7df6a1e8f58e439218236d110a658bf5037260d3f596e1f06b9e963f758eca3f99faa454640628e3bc66c16e914aad9bea5a47f954ca0ff73cf4237e8545e5e82f66795493508a6852f4564ef44dbb31b23c27d6dcc54e749094bb404073ed05ab6bf54afadec8ea7b58ce2d935c4b0ec8a054bef86cebfd63faab8fae41104e8bdaf1f3f2474d78e050c8f33510c80abba83c0da198107e47b40cd119b71827a510ae65e9b97d5e617b397cf517cfecbc47a890bbc350c5b631a50f254151d4d84cd512e0f57241e10b1bd1569287a900d4bf4a23532556266bc1c8b1014972f126b20a2e2e7db73774eb822669fc2bcf56d817ee3f5d20f9b029ec62d377d5328000ce5d921c965337c500416a6c3e828ed27ad8ed370f8b9035c322ce75ed6de25002e363475f95e24ad6e30b9350eb2934a431bf09c8b4df073213fd6393192d796022b4275a73e5b4a2bf3b226d6a537e96c450203010001a320301e300e0603551d0f0101ff040403020780300c0603551d130101ff04023000300d06092a864886f70d01010d05000382020100315188a437cb6a526ab679d888ef1051ea301191b36ff818d3e7e1b8cbc8e1c078fc058e0d7bd61b11fd8efef27b411c3f494f6734c286008ffb39d2eecf012929913628c5b160f6ca24fab63068fc48cb91293fc302f3d16f5de8dbdfe3a57abca9a081c4cfa82fa3e06f36a318251a351c5e08fe4f4a286d1ebb4bf87278f7e54faf53e1b37148f19f210136c5f3b5981a89a3aaf8351490555d001aee6c9ab2bd27cc13d162ef6314c47fce2c668e16ed641d2b6871ef3b0afbc8e5e2b93d775049061496057a361c2cd1ed7cbdadd143a0f114e9d5066c6e2f2bfd771b44c8979cf0f094d2d89e104c935ef362eabcccda4559bb33e640b3c1920cf314688fdc639665e8e81f6b9312516d937a6db751fd39e044271432d0e83bfcb5e8df5cbe2a7c15e272e09aa96f939ac7b6655fcfe91e59474b3a4cecf12490cb1f3aa2a80ae53cbe867ccaeff9ca84d487bf438f4213b253148ff8be54caee1e4aa157353f707a966f946e89a8fc8964849eb948bd54b2b2e6d1dd85ba7df45208206472a5aa93860c5ee8f6460739ea3231ec590f09602ff29f09ecedbdbd635cb42670c8288b3f051dd6c393240d0a668b9a2c20bd70f182ce58d152089385ab717c7c624826ec39424050ad45048927d2e771be6f6693055589f3612df47c206d6ae8600f9d60f7aebc5567458d8a423b76d6082ab213fff88584909e76b458ab	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\Certificates	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\SystemCertificates\AdobeCertStore\CRLs	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exemsedgewebview2.exemsedgewebview2.exe

pid	process
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
5580	msedgewebview2.exe
5580	msedgewebview2.exe
5580	msedgewebview2.exe
5580	msedgewebview2.exe
5600	msedgewebview2.exe
5600	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedgewebview2.exemsedgewebview2.exe

pid process

4968 msedgewebview2.exe
5108 msedgewebview2.exe

pid	process
4968	msedgewebview2.exe
5108	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Token: SeIncreaseQuotaPrivilege	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Token: SeIncreaseQuotaPrivilege	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Token: SeIncreaseQuotaPrivilege	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Token: SeIncreaseQuotaPrivilege	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
Token: SeIncreaseQuotaPrivilege	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exemsedgewebview2.exemsedgewebview2.exe

description	pid	process	target process
PID 2148 wrote to memory of 4968	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe	msedgewebview2.exe
PID 2148 wrote to memory of 4968	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe	msedgewebview2.exe
PID 2148 wrote to memory of 5108	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe	msedgewebview2.exe
PID 2148 wrote to memory of 5108	2148	7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe	msedgewebview2.exe
PID 5108 wrote to memory of 2972	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 2972	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 4232	4968	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 4232	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe
PID 4968 wrote to memory of 1868	4968	msedgewebview2.exe	msedgewebview2.exe
PID 5108 wrote to memory of 1148	5108	msedgewebview2.exe	msedgewebview2.exe

C:\Users\Admin\AppData\Local\Temp\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe
"C:\Users\Admin\AppData\Local\Temp\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe"
1⤵
- Checks whether UAC is enabled
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2148

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2148.2576.10931381885868154843
2⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:4968

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x17c,0x7ffc1a842e98,0x7ffc1a842ea4,0x7ffc1a842eb0
3⤵
PID:4232

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1756 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
3⤵
PID:1868

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=1988 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
3⤵
PID:4708

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2280 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:956

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3616 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
3⤵
PID:1956

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4544 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:5396

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4668 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:5576

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4660 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:5092

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4676 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:2500

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2124 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:5436

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4724 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5580

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=1760,i,14972156816436647273,7587777575046455299,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:4380

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2148.2576.4363556336540047928
2⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:5108

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x11c,0x16c,0x7ffc1a842e98,0x7ffc1a842ea4,0x7ffc1a842eb0
3⤵
PID:2972

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1732 --field-trial-handle=1736,i,804542622074852355,5999920167891354134,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
3⤵
PID:1148

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=1996 --field-trial-handle=1736,i,804542622074852355,5999920167891354134,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
3⤵
PID:3156

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2284 --field-trial-handle=1736,i,804542622074852355,5999920167891354134,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:3976

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3632 --field-trial-handle=1736,i,804542622074852355,5999920167891354134,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
3⤵
PID:2016

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4720 --field-trial-handle=1736,i,804542622074852355,5999920167891354134,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:5752

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=748 --field-trial-handle=1736,i,804542622074852355,5999920167891354134,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:6040

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4716 --field-trial-handle=1736,i,804542622074852355,5999920167891354134,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5600

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView" --webview-exe-name=7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=4804 --field-trial-handle=1736,i,804542622074852355,5999920167891354134,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2660 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:5660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1051130289\crl-set

Filesize
21KB

MD5
d246e8dc614619ad838c649e09969503

SHA1
70b7cf937136e17d8cf325b7212f58cba5975b53

SHA256
9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

SHA512
736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1051130289\manifest.json

Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4968_149545893\manifest.json

Filesize
179B

MD5
273755bb7d5cc315c91f47cab6d88db9

SHA1
c933c95cc07b91294c65016d76b5fa0fa25b323b

SHA256
0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

SHA512
0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1745388681\manifest.json

Filesize
108B

MD5
763e003bcbb80f3c81522cb052addfa0

SHA1
fa672c6fa9ce939d607a1526ca13ec245514b43d

SHA256
e1d24c2bfb4bc07717aa5833146ed55b67c41ef17fb61ef276eff923bb1ec20f

SHA512
41062cf02794548d6df38205fb369d1aa614ac67030cd909b66a23735473f76de1a3c0bcf0895c932bf9b5c506c1d9659745ec84ec52e361881eb474e92e3fea

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4968_1989481904\manifest.json

Filesize
43B

MD5
55cf847309615667a4165f3796268958

SHA1
097d7d123cb0658c6de187e42c653ad7d5bbf527

SHA256
54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

SHA512
53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4968_849533986\manifest.json

Filesize
102B

MD5
8062e1b9705b274fd46fcd2dd53efc81

SHA1
61912082d21780e22403555a43408c9a6cafc59a

SHA256
2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35

SHA512
98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5108_1146134834\manifest.fingerprint

Filesize
66B

MD5
33fc4bf1927352bc1845acdde3a6ba63

SHA1
63ac2f004ac10198e729e9ccf55f6ac4f7f3c622

SHA256
4ed04e713c9d8f5d80e83645b62f1be84ec0516d37f339b3d443d8f792dea113

SHA512
7e38e264713750baf58dd9ad779885a7aae5a6fcb825eaa44b3cf814dd09cd0bf8f95b5ab5db600d19a64b02ec2155b4c9a3bc2a86e9b18eece8b3100e8c2ff1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5108_1268808202\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5108_60289054\manifest.fingerprint

Filesize
66B

MD5
0c9218609241dbaa26eba66d5aaf08ab

SHA1
31f1437c07241e5f075268212c11a566ceb514ec

SHA256
52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b

SHA512
5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5108_60289054\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
8ba28d840422871b6f52f0618a3f44b7

SHA1
c7410dde54e70f5366682dcac55a24aeadb73426

SHA256
83b3eac3913b01d58a6c02e71128aa4b02176e9e0ea2a6efbee97667e7e48ece

SHA512
22dad244926e9843c0669e54605ae6ffe66b4cd832bb177a375b14b111cde852eb9e19f767e23ba463d1511877e9e0e84e7a2ffbd35e28c05e46f8cebcb7fda1

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
ce3633f6af4e7c989c1b6f3d0c5d8116

SHA1
862112f396ebc162b2e86872ce6b34eb65de81bc

SHA256
576707889730e87709eb2de26911f98ef3a434a6477b61546f2c3c4b5fa5d33a

SHA512
cbe83833eab5a1a7d1d13dec9f6212da13392fe2a8222b8dc75c68762a2f14c9a726689333d93a29fed7f2ec8648258a528c066e542b2f8b3c2a3f80c5251ea2

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Default\Network\Network Persistent State

Filesize
289B

MD5
c89316f480d752b773e73f336b793433

SHA1
9ee2d83d5ac87808a8521398e658f46cd5629a2f

SHA256
8516076f830e3ffaa42880d9944eb3902afdcfbe4b041221a038bbbf2b34256b

SHA512
4a87ea75b62f1a07b82211e9bd4e77dd81b7658514585ffb97910721fcbe84f8e5157b9be9adb85813c195a9243dc57cb711dbd1eba698f5a7a57b0b5f09d8f9

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Default\Preferences

Filesize
6KB

MD5
539039309bb82d7409e56f9018e29d6c

SHA1
3fca0a7a9f0e1575f60c81fd32ba24d1c80805ca

SHA256
1d3fbf44de38bc67c94207941b14baca16172e19ca87c9a52dfd545b760ac3d6

SHA512
f6fea547e990f21baba59fa4b9aecc53095871f188c69f9d39f68972f0b2398c342fd97eb82782013f0e10a49ae5e038d887840a92781675a29ab9e29bff863c

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Default\Preferences

Filesize
6KB

MD5
0944b4594267f13b1e97f340d4344284

SHA1
13b517dd35b3954248a95bc29fcec102f489cae2

SHA256
7b9dc2e74a571adcd2fb91a22becb646010fb310a3e48f160a1287718b7d03c7

SHA512
521a785083f59ae5d61c8b477b60006e59ee85767a0d5ac1e05e0b055ebaaf22e9136d7481dd36c20e0bb711c15ac99c41305b1632a1f78be8d358cfadba25db

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Default\Preferences~RFe58a2c3.TMP

Filesize
5KB

MD5
8c0dd1f240393a39d86904df5cb4e00d

SHA1
45297f6b73a7c40861412ac6581a5f192cdcee71

SHA256
47865fe6f38164d69f6cad8f9fc377e40b20ab65c13e2033d2afa839f83070e5

SHA512
03d395a4979b1f2643002c9023137815640a647b3a946ef81ffbe236f36b6ac50c4351151d8668e0ede3673905705f43591e57d4ddfa37112a6dfdadf7b06ff6

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Local State

Filesize
2KB

MD5
02e950a702409a823e9c1be8513bba72

SHA1
e5cb8d6b717ca77648638878ca10ad531b835072

SHA256
feb184d84332088187bc9ba03143496add21d161f9685fb767c500f027ef340a

SHA512
a88f3fa3654c5a395cef469edc4fa3d78ec355b0772cb9c449a054d8f3dfb6d55e86adb8124364e8d133f9297b8ad93a8afc92216d1d27495fb1cc5c737566fb

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Local State

Filesize
3KB

MD5
05bd4ed598db23decc656e5e530adce8

SHA1
69e2d8bea2abde1251c547ca9136e8963492ee9b

SHA256
5e84fe49ad1ffa94511fe89889e8df1398057299c54a8432382dd1208854a2ba

SHA512
0b53cb99acff606f9ac675967ddcf9e8799418fcef5fab6efd6d77f06d5195068a98d891b8d4d8cc4c0bba9959e9993fff579156ef430f3f74bf6cb3de95d23c

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Local State

Filesize
16KB

MD5
be776f6b577633bf30c49c531ec317ea

SHA1
39b483c78a262d9a0cb95a9e891b7c622f969d46

SHA256
8994796959d76899a79e72515a07ab736e54aeb9c3b734241606918ce7effa84

SHA512
ab94c8600cd57dcb4a68ad2d3b26f56a9a8562bb0275ea3d18044d8efd286efc533148a206de326a0db3cc7dbedeeaaef84cb48e88be5de3a9ceb5c8cb5da68d

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\Local State~RFe5802ba.TMP

Filesize
1KB

MD5
7699e76f38fd532a5e839e909f8230bf

SHA1
18b2e846f7de81f61c2fe06c67ece9f0c7290383

SHA256
3166834cd20fa3b8e8ce06be09e628559503d09d6f30479289fb05d743ef5b9f

SHA512
bfbab769ad275de240c0eeaae90c42c80fcaaee6c0429cb59fb29773af1201bcde35cb3e783e697595c22503af17f32e730e2e6cc8ccfe4bfbe03c72f35b69ee

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\PKIMetadata\13.0.0.0\crs.pb

Filesize
278KB

MD5
981a9155cad975103b6a26acef33a866

SHA1
1965290a94d172c4def1ac7199736c26dccca33e

SHA256
971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d

SHA512
2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\PKIMetadata\13.0.0.0\ct_config.pb

Filesize
7KB

MD5
df3d937079b894c891f9b0b741874928

SHA1
ed93fc386807b3a28fcc7988a88ae4741bfe1b15

SHA256
c7cbb0db6e924cbfccf4a6e8223e3fed4d93f5d78a3122c30213b6e38ee195f4

SHA512
5728bdd930283a4906e7e07acd3eadecb813a3154ffb41729738444bf13aab27dceb01e05a27c77bb13cc498c1d5c2d492ac653ddbfe4b14004b1c7a5bc54f1b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\7ef5e7ad8a402f182acdf6472e1b1c4647fc5143bfa8a2530bca1f89fdda2b2c.exe\EBWebView\TpcdMetadata\2024.4.29.1\metadata.pb

Filesize
31KB

MD5
7b9001fd6a5786c7b7edfa104a1eca5b

SHA1
462bafeca182a3e600ba22eaa1cab15c1a70831c

SHA256
779726531d52eff63d46df72ddcd421921b2e6bb918147a18c2adc28f45e693c

SHA512
f16d79a093c55408b6c118a743c5d77057dc899f5303c55003298fd67256f58200e085d03471f421065db1d3b131393f2e3a96ca71e35c94f1ba7a0569029918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
9af15ddfdaf717dcd9acd314df65bfa0

SHA1
bfe19f746b9f5d6ade02304b376fd90b6b692dcb

SHA256
5132de4c28a03041889459c5eee4fd420f1e4e8db515508c15a2eb709960b34b

SHA512
9ef39ca80bf73fe75bbf364bcf6d1ff34997f8295d7cb1e03cd39660b867643155ec5e786bad15760906d04312df76a0eb3ceee7488bbd12273ea120597d9a8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\CCDInstaller.js

Filesize
1.2MB

MD5
fb970bc9889933229160723a60571dde

SHA1
b1b68348b77101b31bea510311c6e85451f833fc

SHA256
39e34fc3dfd74d25631ea2fecaca70a5d767b5f3f40f24380237dc06a80252e2

SHA512
65c4b44e42c7d94a89be9b18ef7589f16f247f47f459da2e8b59b4ffbbba25cbb07971f8484e9bc25bd8c6f953a291ab9384a154aab9ad1572375b3b30c31886

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
0f4a90636e76a0b960af9bc2d6838d9d

SHA1
ac66a61792c6048fec79308eb9b89c0cf467075f

SHA256
7104cf75542822cbab9900b41e0457ce07517f75914ba56d8a6797c70cf9186f

SHA512
c3b21d6af0167a18132be11ad38d6b3e2cc86a0a9034d19cfdfb6e92ee3d29fbf8aa10a671a65652b8f9302234469c5a4fc20a6e7432e39c9bc7e8db3f7e2ff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
006dd4e96c7237e9e4b901a8f72606e2

SHA1
86d6f5978ac375d225262665c1504b462b5990c5

SHA256
e3c98f8719521b0ecb303c90265b1ed5726bc91eb9403e51b134f8528b483b46

SHA512
1d6be50764844344795651bbe48bf28b200f74b77bf01e8d75c3329df5299e35ea728b4f646247615b97723d1ecb755f135b5106efca0d7017d59d7b53a4a601

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
45ff1aee690a3aa732c7ef738c3c0119

SHA1
e7106fb0015059ee436d7e8091b9d9fe29f7a1ca

SHA256
cc7114d23b3678fb2b11fda6f615a0aa18078ced47545d0f3e2aa2f34865ff13

SHA512
f6076774450b8744eacad052c1af2a975e06fe6ae560b1d3aa9040eeb5e5af3d7ef9c830c5490ca0f118b516bb517b39a0db07840b49ba086b54933776fb9732

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe587f4d.TMP

Filesize
48B

MD5
261efaa4dbe5672b41d685d3662a40c9

SHA1
70a6dfdf924cb0db22fb19a7c5f60769e7e10fe1

SHA256
e5935f905e2c6a180f66d757d82ac16d3745052887c0ff23c053f0fbe369e1f7

SHA512
e290836b88ac02b2c67c36737f207195268c7625e0fd9affb5086c32b3f4ef13c4938125452564ecf1cdc0e83ec81d4a1ec3f1c8e54f276e3134e0cb02f4bcfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\DawnCache\data_1

Filesize
8KB

MD5
259e7ed5fb3c6c90533b963da5b2fc1b

SHA1
df90eabda434ca50828abb039b4f80b7f051ec77

SHA256
35bb2f189c643dcf52ecf037603d104035ecdc490bf059b7736e58ef7d821a09

SHA512
9d401053ac21a73863b461b0361df1a17850f42fd5fc7a77763a124aa33f2e9493fad018c78cdff63ca10f6710e53255ce891ad6ec56ec77d770c4630f274933

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\Network Action Predictor

Filesize
4KB

MD5
9088df5de5b8306c52e744141a100532

SHA1
0aea85a36ef3ddc53df198227fcaf212139ae1db

SHA256
9827429749037198cb3d19a851ccff2adafad344fbade7220aa022d3c9e2fa85

SHA512
96c0c8ee90bd8aec34ea905f48e76ed7dc370d24f64efaeadf36e9b59b9ff01856ed837b5169241ef2bd4a6b8fe2ee77de443b09b9ee604e39f9ba57929859e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
ae1046379f44a75eac75c9a7c3932537

SHA1
775397f41b480a355c8cca8c23100e88403b00a8

SHA256
a4f1475344eeb58befbb6b8988958aca92770398c08f2e25944d81ddb30c02a6

SHA512
9fac5ea284ca9d5978476c10d593b1bad75d5564042ab86de483cd1636af8855b2395e3fc477583f3e5c6ea1b1a32d88e3b8d8df75eb9f2650846e601fa3c142

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\Preferences

Filesize
6KB

MD5
474dd8a8f4607ca5b1b2a3a7007e7e93

SHA1
467b8f8a34960d33e4eb16dd4f6153ccbeab3ff4

SHA256
ef42c61ca76e485519246bd9211bdcdb3a9b6cddf748b4144645ab4e4b9e7d60

SHA512
662ac136303e98c8f0007b1bf6de4527a14880530b035b791d02c2a2a7fa11dec2a7594cb5670f83c57d10bf559c1db31cd0b5333d49f788640c0f42d8f16f51

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\Preferences

Filesize
6KB

MD5
1018e94f07ea7f6954c341357d76d777

SHA1
5e6696d32d319065e1ace9dd756fcd7a197cf930

SHA256
182d6606b7340d0b8018261fbd3a4bd59e44fdfb23eaaac462a2ffd2cc669a45

SHA512
605538a85436a74a24fb5a19644e8b337ebfe83ea42bd2bcbe7464fe0ee615c3368e46056ae1f6fe22e2cf0fba31a05bb328d20380210c8b048ec893e5b1d829

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\Preferences~RFe585c44.TMP

Filesize
5KB

MD5
44ca87c25ae278c2bb16b1b7896b79ad

SHA1
b9a63e07eedafbb16f600e21de6810cb0fabeb87

SHA256
b39be025a855089cf90b937c26247f737e595f454a7dd58d32793b4e56978939

SHA512
35a33312c6f4526e83553649207434204c09690f1f6092cf1921538f5eed4eef9227be6e8fbf802125aa03d190280f3a7cd46921330ca3fe5d2de8f903fd1613

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Local State

Filesize
2KB

MD5
dc0309b2462d221a171fa903a92652f0

SHA1
d1748f864a285603d4ac131177768d6ed10fcfa0

SHA256
ebb468f37e6bb028c3e4d577ce147074db16913a845cb45409292f0ee2dc1bd2

SHA512
2469803ab22c5660b8c81bf8aafb795da9d0101c5e97304cf0587bf3793f27f99a1bf017a731c5239e47192dd0619798cfb4463f7da7986446a6edda84f135a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Local State

Filesize
3KB

MD5
d69acc5e1a84f22a356770c59d67741b

SHA1
23bbd3e3a39e0c6fc7e834862575f64d539abac9

SHA256
23ae89ae264de4cfdad53c2cef1b2eab7e9e2ad0ef6eb7ff740a2cd50d01eb2a

SHA512
a93090c70f46acf190915c43e213928a3b819ee36014b4f3fd2680f9140862ecd281f305d7d6de1de4b06ad7b15126291f58bd50a9674e41d4ec2e1ba4eb9e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Local State

Filesize
3KB

MD5
280ad8d547161bef0a6b38ff5242280d

SHA1
2f1743e6717693f9d045d000bf8d687dc91512d0

SHA256
730b4505b2748dffa236a01b682ab15eb3ca6acfc6224b21607845a82a1abd29

SHA512
e7bffe6c8f04035f6c3ecd8d898afbbedc0833fa79b9972435484ceb0e8b65c352f545815e5401cde5166373a1559e02b7210316c2f1ad6044514e1094534d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\Local State~RFe580153.TMP

Filesize
1KB

MD5
ff7e46af3aea74f9dd56359162cc6154

SHA1
f58bd32abfdec479651f731dd7e8cb8c6dabb627

SHA256
3c66eacaddf244c10e874185154035bd39e5aecd61b60fcb172e3ad9cd49ee29

SHA512
89cfb260be5e386e6bbd61d139424c421e1b119123fa69cc4ac93aa59ae3b4af83e5713d09305aabb086ae2fc9765bb54b1c24d4df498a95f7d59ffa473fa02b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\EBWebView\SmartScreen\local\downloadCache_

Filesize
29B

MD5
47d41a980668e9bfae197488d6d56feb

SHA1
8acd8919b112d637a18e4c2f79f61fd62d2a1e6d

SHA256
87c1ba0f3a75480bef554b38abd51d7858bbe2cff07d4fd29162b4468d2b6c43

SHA512
165cf9913129bab36c22399c3636960cff235313256262439bea6a1ed78cf80d65690254cc63148e7e13bb515b513037ab6be7d20efdfb12b07985339ada36fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\index.css

Filesize
917KB

MD5
12db9598ecdd44d5f2fcf9c2eed93619

SHA1
8afe7f33f182c191657a52fab99805524f3c53b4

SHA256
22db89651ea56cd8fd6d2920c0bf7b02459989b60272522d4464cb43edd2f34f

SHA512
ae14e691c55a85e0897f8d16005f55d3eaa2e29649f6cecef54d1b78f577cff68a558a60141cb2f8e951c6cca90072232ea12e6f1776ab4c67c70f0f4a778ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C9219F0B-D5F2-4CE9-AE0C-3CC4620FAD08}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
\??\pipe\crashpad_4968_LCDIUSYFUMUNOPHJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1148-54-0x00007FFC41380000-0x00007FFC41381000-memory.dmp

Filesize
4KB

Download
memory/1956-249-0x00007FFC41380000-0x00007FFC41381000-memory.dmp

Filesize
4KB

Download
memory/1956-422-0x0000021BC93F0000-0x0000021BC945B000-memory.dmp

Filesize
428KB

Download
memory/2016-423-0x0000024A39DF0000-0x0000024A39E5B000-memory.dmp

Filesize
428KB

Download
memory/2148-709-0x00000000001A0000-0x0000000000B65000-memory.dmp

Filesize
9.8MB

Download
memory/2148-147-0x00000000001A0000-0x0000000000B65000-memory.dmp

Filesize
9.8MB

Download
memory/2148-469-0x00000000001A0000-0x0000000000B65000-memory.dmp

Filesize
9.8MB

Download
memory/2148-359-0x00000000001A0000-0x0000000000B65000-memory.dmp

Filesize
9.8MB

Download
memory/2148-0-0x00000000001A0000-0x0000000000B65000-memory.dmp

Filesize
9.8MB

Download
memory/2148-447-0x00000000001A0000-0x0000000000B65000-memory.dmp

Filesize
9.8MB

Download
memory/3976-112-0x00007FFC416A0000-0x00007FFC416A1000-memory.dmp

Filesize
4KB

Download
memory/3976-111-0x00007FFC422B0000-0x00007FFC422B1000-memory.dmp

Filesize
4KB

Download
memory/5580-762-0x000001F03AF80000-0x000001F03AF81000-memory.dmp

Filesize
4KB

Download
memory/5580-764-0x000001F03AF80000-0x000001F03AF81000-memory.dmp

Filesize
4KB

Download
memory/5580-763-0x000001F03AF80000-0x000001F03AF81000-memory.dmp

Filesize
4KB

Download
memory/5580-769-0x000001F03AF80000-0x000001F03AF81000-memory.dmp

Filesize
4KB

Download
memory/5580-771-0x000001F03AF80000-0x000001F03AF81000-memory.dmp

Filesize
4KB

Download