Analysis

  • max time kernel
    1794s
  • max time network
    1462s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240802-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    07/08/2024, 08:37

General

  • Target

    BootstrapperV1.15.exe

  • Size

    796KB

  • MD5

    653c07b9b5f1b22c84f72c03b0083d18

  • SHA1

    54c25b876736011d016dc0ea06a1533365555cc4

  • SHA256

    c9d04a3a87fee318ba65f837f40bd2dd2428f25e78bf271207f8b2b02aaa8a06

  • SHA512

    b605773fc4fa244f354bb8f51621225e6482751d19bddf747f03f624581bc7ae896ca0e40be91b667aea7a7978a291497a362f9bd65449682e1948938af684f8

  • SSDEEP

    12288:wuHbakEAdS7SdsgtNaFoGQ4jEr+xpS1nmkFmZ2ojKU:/HbTHSINooGQ4jESxpS1nmkkK

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 46 IoCs
  • Loads dropped DLL 49 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
  • Checks system information in the registry 2 TTPs 22 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.15.exe
    "C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.15.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3232
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:904
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e1263cb8,0x7ff9e1263cc8,0x7ff9e1263cd8
      2⤵
        PID:4200
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
        2⤵
          PID:2348
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4868
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
          2⤵
            PID:2352
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:1180
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:2232
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                2⤵
                  PID:4312
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
                  2⤵
                    PID:908
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4288
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1664
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
                    2⤵
                      PID:2436
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
                      2⤵
                        PID:3204
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                        2⤵
                          PID:5012
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                          2⤵
                            PID:2876
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
                            2⤵
                              PID:4276
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                              2⤵
                                PID:2844
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
                                2⤵
                                  PID:2300
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
                                  2⤵
                                    PID:2436
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                                    2⤵
                                      PID:4540
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
                                      2⤵
                                        PID:2308
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
                                        2⤵
                                          PID:4944
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
                                          2⤵
                                            PID:3016
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
                                            2⤵
                                              PID:4408
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
                                              2⤵
                                                PID:344
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
                                                2⤵
                                                  PID:2572
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
                                                  2⤵
                                                    PID:1340
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
                                                    2⤵
                                                      PID:1844
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
                                                      2⤵
                                                        PID:1384
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
                                                        2⤵
                                                          PID:2676
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
                                                          2⤵
                                                            PID:880
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
                                                            2⤵
                                                              PID:1432
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
                                                              2⤵
                                                                PID:236
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
                                                                2⤵
                                                                  PID:2300
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
                                                                  2⤵
                                                                    PID:2076
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
                                                                    2⤵
                                                                      PID:4752
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7440 /prefetch:8
                                                                      2⤵
                                                                        PID:4288
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
                                                                        2⤵
                                                                          PID:2444
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7792 /prefetch:8
                                                                          2⤵
                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:2768
                                                                        • C:\Users\Admin\Downloads\BootstrapperV1.15.exe
                                                                          "C:\Users\Admin\Downloads\BootstrapperV1.15.exe"
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:732
                                                                        • C:\Users\Admin\Downloads\BootstrapperV1.15.exe
                                                                          "C:\Users\Admin\Downloads\BootstrapperV1.15.exe"
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:5320
                                                                          • C:\Windows\System32\msiexec.exe
                                                                            "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
                                                                            3⤵
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:5528
                                                                          • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
                                                                            3⤵
                                                                            • Executes dropped EXE
                                                                            • Drops file in Program Files directory
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:5460
                                                                            • C:\Program Files (x86)\Microsoft\Temp\EUE7E2.tmp\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\Temp\EUE7E2.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                              4⤵
                                                                              • Event Triggered Execution: Image File Execution Options Injection
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Checks system information in the registry
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:4676
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                5⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Modifies registry class
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:6064
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                5⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Modifies registry class
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:6124
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                  6⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Modifies registry class
                                                                                  PID:6040
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                  6⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Modifies registry class
                                                                                  PID:6052
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                  6⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Modifies registry class
                                                                                  PID:6136
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjU0ODE3NDYtRUNEQS00QTIwLTgyMTAtNUQ4MDgxQzZFQjJGfSIgdXNlcmlkPSJ7QjkxRENEN0UtMDNBRC00QkI0LTg3MEEtMjExQjA4ODZDMzE1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswNUZBNjc0RS04ODNDLTQxODgtOUI5MC1DRDJGMTA4MTU4NTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg5MTYyMjI4NTEiIGluc3RhbGxfdGltZV9tcz0iNjU2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                5⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Checks system information in the registry
                                                                                • System Location Discovery: System Language Discovery
                                                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:5180
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{25481746-ECDA-4A20-8210-5D8081C6EB2F}" /silent
                                                                                5⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:5268
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5328 /prefetch:2
                                                                          2⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:1208
                                                                        • C:\Users\Admin\Downloads\BootstrapperV1.15.exe
                                                                          "C:\Users\Admin\Downloads\BootstrapperV1.15.exe"
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:5844
                                                                          • C:\Windows\System32\msiexec.exe
                                                                            "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
                                                                            3⤵
                                                                              PID:4636
                                                                            • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
                                                                              "C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
                                                                              3⤵
                                                                              • Executes dropped EXE
                                                                              • Drops file in Program Files directory
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:3860
                                                                              • C:\Program Files (x86)\Microsoft\Temp\EU7940.tmp\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\Temp\EU7940.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                                4⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Checks system information in the registry
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:5500
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:3572
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDI1Njc2M0ItM0YwNC00RkFCLUE1MkUtMjExRTUxOTk3NEUzfSIgdXNlcmlkPSJ7QjkxRENEN0UtMDNBRC00QkI0LTg3MEEtMjExQjA4ODZDMzE1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGRTgxRTdBNS0yMTEyLTRGNTYtOTAwRS1EMUU2MkE0NUU2NDR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtoVmZEak1kRkc2RmdLczBOejZlbXJZQ1NnNlRRdkRQb21vbFJheVFYQks0PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjE1IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xNSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTkzNjE5OTkyNiIgaW5zdGFsbF90aW1lX21zPSI0NyIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Checks system information in the registry
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:5544
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{D256763B-3F04-4FAB-A52E-211E519974E3}" /silent
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:780
                                                                            • C:\ProgramData\Solara\Solara.exe
                                                                              "C:\ProgramData\Solara\Solara.exe"
                                                                              3⤵
                                                                              • Executes dropped EXE
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:2604
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,6427023894205991760,9637207226724797705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
                                                                            2⤵
                                                                              PID:2500
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:3028
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:2240
                                                                              • C:\Windows\system32\msiexec.exe
                                                                                C:\Windows\system32\msiexec.exe /V
                                                                                1⤵
                                                                                • Blocklisted process makes network request
                                                                                • Enumerates connected drives
                                                                                • Drops file in Program Files directory
                                                                                • Drops file in Windows directory
                                                                                • Modifies data under HKEY_USERS
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:5564
                                                                                • C:\Windows\System32\MsiExec.exe
                                                                                  C:\Windows\System32\MsiExec.exe -Embedding 633292D0910867D13E8545B48902D40C
                                                                                  2⤵
                                                                                  • Loads dropped DLL
                                                                                  PID:5728
                                                                                • C:\Windows\syswow64\MsiExec.exe
                                                                                  C:\Windows\syswow64\MsiExec.exe -Embedding 2EDE44401251206321E4FE791FD62E59
                                                                                  2⤵
                                                                                  • Loads dropped DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:5808
                                                                                • C:\Windows\syswow64\MsiExec.exe
                                                                                  C:\Windows\syswow64\MsiExec.exe -Embedding 7FB54FB3FA1EAF4181E97016ED9B0183 E Global\MSI0000
                                                                                  2⤵
                                                                                  • Loads dropped DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:5940
                                                                                  • C:\Windows\SysWOW64\wevtutil.exe
                                                                                    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
                                                                                    3⤵
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:6048
                                                                                    • C:\Windows\System32\wevtutil.exe
                                                                                      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
                                                                                      4⤵
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:6068
                                                                                • C:\Windows\System32\MsiExec.exe
                                                                                  C:\Windows\System32\MsiExec.exe -Embedding DFFAE53BF6AA3CB1C2670EF29A071C8B
                                                                                  2⤵
                                                                                  • Loads dropped DLL
                                                                                  PID:5948
                                                                                • C:\Windows\syswow64\MsiExec.exe
                                                                                  C:\Windows\syswow64\MsiExec.exe -Embedding 71928EEDB972753ADC3226A3C9724599
                                                                                  2⤵
                                                                                  • Loads dropped DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:3008
                                                                                • C:\Windows\syswow64\MsiExec.exe
                                                                                  C:\Windows\syswow64\MsiExec.exe -Embedding A5979C737FBBCCEB8A5D6EDDDD6C8B37 E Global\MSI0000
                                                                                  2⤵
                                                                                  • Loads dropped DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:5172
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Checks system information in the registry
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Modifies data under HKEY_USERS
                                                                                PID:5132
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Checks system information in the registry
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                  • Modifies data under HKEY_USERS
                                                                                  PID:1836
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{038FBFAB-4060-45DB-8449-31DBFBA10860}\MicrosoftEdge_X64_127.0.2651.86.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{038FBFAB-4060-45DB-8449-31DBFBA10860}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Drops file in Program Files directory
                                                                                  PID:5328
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{038FBFAB-4060-45DB-8449-31DBFBA10860}\EDGEMITMP_6C7C9.tmp\setup.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{038FBFAB-4060-45DB-8449-31DBFBA10860}\EDGEMITMP_6C7C9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{038FBFAB-4060-45DB-8449-31DBFBA10860}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • Drops file in Program Files directory
                                                                                    • Drops file in Windows directory
                                                                                    PID:5708
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{038FBFAB-4060-45DB-8449-31DBFBA10860}\EDGEMITMP_6C7C9.tmp\setup.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{038FBFAB-4060-45DB-8449-31DBFBA10860}\EDGEMITMP_6C7C9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{038FBFAB-4060-45DB-8449-31DBFBA10860}\EDGEMITMP_6C7C9.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6e9c9b7d0,0x7ff6e9c9b7dc,0x7ff6e9c9b7e8
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in Windows directory
                                                                                      PID:5776
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Checks system information in the registry
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                  PID:2436
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Checks system information in the registry
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:6052
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A431C00D-2E0B-40E7-9CE3-DCD481AA9117}\MicrosoftEdge_X64_127.0.2651.86.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A431C00D-2E0B-40E7-9CE3-DCD481AA9117}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:4900
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A431C00D-2E0B-40E7-9CE3-DCD481AA9117}\EDGEMITMP_E5E34.tmp\setup.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A431C00D-2E0B-40E7-9CE3-DCD481AA9117}\EDGEMITMP_E5E34.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A431C00D-2E0B-40E7-9CE3-DCD481AA9117}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • Drops file in Program Files directory
                                                                                    • Drops file in Windows directory
                                                                                    PID:112
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A431C00D-2E0B-40E7-9CE3-DCD481AA9117}\EDGEMITMP_E5E34.tmp\setup.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A431C00D-2E0B-40E7-9CE3-DCD481AA9117}\EDGEMITMP_E5E34.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A431C00D-2E0B-40E7-9CE3-DCD481AA9117}\EDGEMITMP_E5E34.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7752cb7d0,0x7ff7752cb7dc,0x7ff7752cb7e8
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in Windows directory
                                                                                      PID:2824
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Checks system information in the registry
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                  • Modifies data under HKEY_USERS
                                                                                  PID:4340
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:3960
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Checks system information in the registry
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Modifies data under HKEY_USERS
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:5944
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\MicrosoftEdge_X64_127.0.2651.86.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:5032
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                    3⤵
                                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                                    • Executes dropped EXE
                                                                                    • Installs/modifies Browser Helper Object
                                                                                    • Drops file in Program Files directory
                                                                                    • Drops file in Windows directory
                                                                                    • Modifies Internet Explorer settings
                                                                                    • Modifies data under HKEY_USERS
                                                                                    • Modifies registry class
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • System policy modification
                                                                                    PID:5248
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6e4d7b7d0,0x7ff6e4d7b7dc,0x7ff6e4d7b7e8
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in Windows directory
                                                                                      PID:3384
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in System32 directory
                                                                                      • Drops file in Windows directory
                                                                                      • Modifies data under HKEY_USERS
                                                                                      PID:5892
                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe
                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{74E9ECFA-EAC7-4B24-A79D-AFD049361664}\EDGEMITMP_4C366.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6e4d7b7d0,0x7ff6e4d7b7dc,0x7ff6e4d7b7e8
                                                                                        5⤵
                                                                                        • Executes dropped EXE
                                                                                        • Drops file in Windows directory
                                                                                        PID:5160
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in Windows directory
                                                                                      PID:5432
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff65bdfb7d0,0x7ff65bdfb7dc,0x7ff65bdfb7e8
                                                                                        5⤵
                                                                                        • Executes dropped EXE
                                                                                        • Drops file in Windows directory
                                                                                        PID:5024
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Checks system information in the registry
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                  PID:776
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                PID:720
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --rename-msedge-exe --system-level --verbose-logging --msedge --channel=stable
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Drops file in Windows directory
                                                                                  PID:4264
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff65bdfb7d0,0x7ff65bdfb7dc,0x7ff65bdfb7e8
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • Drops file in Windows directory
                                                                                    PID:5976
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --msedge --channel=stable --delete-old-versions --system-level --verbose-logging
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • Drops file in Windows directory
                                                                                    • Modifies data under HKEY_USERS
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:5028
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff65bdfb7d0,0x7ff65bdfb7dc,0x7ff65bdfb7e8
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in Windows directory
                                                                                      PID:3308
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • Drops file in Program Files directory
                                                                                    • Drops file in Windows directory
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:5844
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff65bdfb7d0,0x7ff65bdfb7dc,0x7ff65bdfb7e8
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:1244

                                                                              Network

                                                                              MITRE ATT&CK Enterprise v15

                                                                              Downloads

                                                                              • C:\Config.Msi\e5db2db.rbs

                                                                                Filesize

                                                                                1.0MB

                                                                                MD5

                                                                                838d99bf68f9da13faaf110bd1ca771e

                                                                                SHA1

                                                                                60decb8ba45d81806f2af06f11efb1b5d8f3efcc

                                                                                SHA256

                                                                                4dcc1dfa9376511a62a141bf63da2dcf6000f8df5c504e4dbd2c3bfe62e9060d

                                                                                SHA512

                                                                                3825c17c86795139c637ec0dd2828facfbcaf94599bbd5f90107c6a408828c95e5b17575c6d2f07a91967aa8c88e4d7454ecd18fba25c20e0b8094f2c9964b7c

                                                                              • C:\Config.Msi\e5db2df.rbs

                                                                                Filesize

                                                                                215KB

                                                                                MD5

                                                                                df47f836e9ef7580ed5edf10ad2ffe6d

                                                                                SHA1

                                                                                625b8500c4d4d5b6e1ec8d80a51723860f8ae5b7

                                                                                SHA256

                                                                                37384d3ef893b82a006f8d3fc1f1e25003096b6782deb887c657e80d0cd8e4bd

                                                                                SHA512

                                                                                fbfd0818562f10b774f8d7057957fa47b87bed58e863272d3a067985b6cf4f69a4c8c0ffb0ba16d61e424052547b2050032e1c0cdc7a64b2f78e6d989470bfc2

                                                                              • C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Installer\setup.exe

                                                                                Filesize

                                                                                6.6MB

                                                                                MD5

                                                                                71bf4a76d1762959b49eda173f57656e

                                                                                SHA1

                                                                                2ead7f36b7ef2790d83d10d96b20959bf73d061d

                                                                                SHA256

                                                                                0121c1dde7daaacfd974fc8545a029e970ad7769af84646feff41b7c8c2de33e

                                                                                SHA512

                                                                                05ea34097e98e4df5358a2968e4af9c7157c1946b15787d5c3cb1c841d47db6cacda4135a0fc662c2dae0b8ad03bdcfa1015db745c39bb16068df0108bda717e

                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A431C00D-2E0B-40E7-9CE3-DCD481AA9117}\EDGEMITMP_E5E34.tmp\SETUP.EX_

                                                                                Filesize

                                                                                2.6MB

                                                                                MD5

                                                                                773e45f33cae3d7e514589b04930d7ba

                                                                                SHA1

                                                                                ca73da33a39de5309b596eaeb055f3175864c0ae

                                                                                SHA256

                                                                                16ee960dbf5a6b3c3d465ba2d77c049af4c15e5aea5c6f8b2e44ee7e5a623ed8

                                                                                SHA512

                                                                                d707474b38e991b8b015a0cc1bddc5dec29622c9f48b43e4b37d4e4d2a74dca70fd71eb792ee8d38c53af43da4e500afa018b27df3dfc9b652b5c1c0a76fff4f

                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

                                                                                Filesize

                                                                                201KB

                                                                                MD5

                                                                                136e8226d68856da40a4f60e70581b72

                                                                                SHA1

                                                                                6c1a09e12e3e07740feef7b209f673b06542ab62

                                                                                SHA256

                                                                                b4b8a2f87ee9c5f731189fe9f622cb9cd18fa3d55b0e8e0ae3c3a44a0833709f

                                                                                SHA512

                                                                                9a0215830e3f3a97e8b2cdcf1b98053ce266f0c6cb537942aec1f40e22627b60cb5bb499faece768481c41f7d851fcd5e10baa9534df25c419664407c6e5a399

                                                                              • C:\Program Files\nodejs\node_etw_provider.man

                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                a38123446847ae68c5492775de3cf471

                                                                                SHA1

                                                                                b0ee15723a65874bb29c56bc764c276ea23e0266

                                                                                SHA256

                                                                                ea0b844cd0e7207ccf6564028d421c87479899a9c8118c32415d88f2314a178f

                                                                                SHA512

                                                                                994d7b9795110044b4863cf242ddda4ecc10bdb25cbfd84605ed769574e5d99915dc3ec28fb6e80e5d5cd25c2109cd260626841b6539f5854847f0bb7f0270ea

                                                                              • C:\Program Files\nodejs\node_etw_provider.man

                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                d3bc164e23e694c644e0b1ce3e3f9910

                                                                                SHA1

                                                                                1849f8b1326111b5d4d93febc2bafb3856e601bb

                                                                                SHA256

                                                                                1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

                                                                                SHA512

                                                                                91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

                                                                                Filesize

                                                                                818B

                                                                                MD5

                                                                                2916d8b51a5cc0a350d64389bc07aef6

                                                                                SHA1

                                                                                c9d5ac416c1dd7945651bee712dbed4d158d09e1

                                                                                SHA256

                                                                                733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

                                                                                SHA512

                                                                                508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                5ad87d95c13094fa67f25442ff521efd

                                                                                SHA1

                                                                                01f1438a98e1b796e05a74131e6bb9d66c9e8542

                                                                                SHA256

                                                                                67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

                                                                                SHA512

                                                                                7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

                                                                                Filesize

                                                                                754B

                                                                                MD5

                                                                                d2cf52aa43e18fdc87562d4c1303f46a

                                                                                SHA1

                                                                                58fb4a65fffb438630351e7cafd322579817e5e1

                                                                                SHA256

                                                                                45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

                                                                                SHA512

                                                                                54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

                                                                                Filesize

                                                                                771B

                                                                                MD5

                                                                                e9dc66f98e5f7ff720bf603fff36ebc5

                                                                                SHA1

                                                                                f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

                                                                                SHA256

                                                                                b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

                                                                                SHA512

                                                                                8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

                                                                                Filesize

                                                                                730B

                                                                                MD5

                                                                                072ac9ab0c4667f8f876becedfe10ee0

                                                                                SHA1

                                                                                0227492dcdc7fb8de1d14f9d3421c333230cf8fe

                                                                                SHA256

                                                                                2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

                                                                                SHA512

                                                                                f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

                                                                                Filesize

                                                                                1KB

                                                                                MD5

                                                                                d116a360376e31950428ed26eae9ffd4

                                                                                SHA1

                                                                                192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

                                                                                SHA256

                                                                                c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

                                                                                SHA512

                                                                                5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

                                                                                Filesize

                                                                                802B

                                                                                MD5

                                                                                d7c8fab641cd22d2cd30d2999cc77040

                                                                                SHA1

                                                                                d293601583b1454ad5415260e4378217d569538e

                                                                                SHA256

                                                                                04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

                                                                                SHA512

                                                                                278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

                                                                                Filesize

                                                                                16KB

                                                                                MD5

                                                                                bc0c0eeede037aa152345ab1f9774e92

                                                                                SHA1

                                                                                56e0f71900f0ef8294e46757ec14c0c11ed31d4e

                                                                                SHA256

                                                                                7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

                                                                                SHA512

                                                                                5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

                                                                                Filesize

                                                                                780B

                                                                                MD5

                                                                                b020de8f88eacc104c21d6e6cacc636d

                                                                                SHA1

                                                                                20b35e641e3a5ea25f012e13d69fab37e3d68d6b

                                                                                SHA256

                                                                                3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

                                                                                SHA512

                                                                                4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

                                                                                Filesize

                                                                                763B

                                                                                MD5

                                                                                7428aa9f83c500c4a434f8848ee23851

                                                                                SHA1

                                                                                166b3e1c1b7d7cb7b070108876492529f546219f

                                                                                SHA256

                                                                                1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

                                                                                SHA512

                                                                                c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

                                                                                Filesize

                                                                                4KB

                                                                                MD5

                                                                                f0bd53316e08991d94586331f9c11d97

                                                                                SHA1

                                                                                f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

                                                                                SHA256

                                                                                dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

                                                                                SHA512

                                                                                fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

                                                                              • C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

                                                                                Filesize

                                                                                771B

                                                                                MD5

                                                                                1d7c74bcd1904d125f6aff37749dc069

                                                                                SHA1

                                                                                21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

                                                                                SHA256

                                                                                24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

                                                                                SHA512

                                                                                b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

                                                                              • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                                                                Filesize

                                                                                15KB

                                                                                MD5

                                                                                eaef914654e3b24f4f3c1c137c7d0bf8

                                                                                SHA1

                                                                                e9511589e8a3806f5b061fa35dfb82cf2d7b7133

                                                                                SHA256

                                                                                882724012cd699e69b426586a5f5c376d52b684808c2a7a934411d1e0bbdeb1e

                                                                                SHA512

                                                                                1d9721dc7a82893fc3738f7175b24cbf435a66aa6bb482326ae6d654fae8edc9487bcc17dd625f15425823f4ee774140dd4b4367d408d9e506e1c92e900fc5db

                                                                              • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

                                                                                Filesize

                                                                                168B

                                                                                MD5

                                                                                db7dbbc86e432573e54dedbcc02cb4a1

                                                                                SHA1

                                                                                cff9cfb98cff2d86b35dc680b405e8036bbbda47

                                                                                SHA256

                                                                                7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

                                                                                SHA512

                                                                                8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

                                                                              • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

                                                                                Filesize

                                                                                133B

                                                                                MD5

                                                                                35b86e177ab52108bd9fed7425a9e34a

                                                                                SHA1

                                                                                76a1f47a10e3ab829f676838147875d75022c70c

                                                                                SHA256

                                                                                afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

                                                                                SHA512

                                                                                3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                6fdbe80e9fe20761b59e8f32398f4b14

                                                                                SHA1

                                                                                049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

                                                                                SHA256

                                                                                b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

                                                                                SHA512

                                                                                cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                9828ffacf3deee7f4c1300366ec22fab

                                                                                SHA1

                                                                                9aff54b57502b0fc2be1b0b4b3380256fb785602

                                                                                SHA256

                                                                                a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

                                                                                SHA512

                                                                                2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                Filesize

                                                                                1KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                Filesize

                                                                                10KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                Filesize

                                                                                10KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                Filesize

                                                                                10KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                Filesize

                                                                                10KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                15KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                5KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                16KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                16KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                5KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                Filesize

                                                                                15KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                3KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                4KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                Filesize

                                                                                5KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d87b1.TMP

                                                                                Filesize

                                                                                2KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                Filesize

                                                                                16B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                Filesize

                                                                                16B

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                Filesize

                                                                                11KB

                                                                              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                                Filesize

                                                                                10KB

                                                                              • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

                                                                                Filesize

                                                                                1.6MB

                                                                              • C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

                                                                                Filesize

                                                                                30.1MB

                                                                              • C:\Users\Admin\Downloads\BootstrapperV1.15.exe:Zone.Identifier

                                                                                Filesize

                                                                                26B

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 893596.crdownload

                                                                                Filesize

                                                                                796KB

                                                                              • C:\Windows\Installer\MSIB604.tmp

                                                                                Filesize

                                                                                122KB

                                                                              • C:\Windows\Installer\MSIB626.tmp

                                                                                Filesize

                                                                                211KB

                                                                              • C:\Windows\Installer\MSIBED2.tmp

                                                                                Filesize

                                                                                297KB

                                                                              • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

                                                                                Filesize

                                                                                280B
