2f7c22b6957a0ef65db82f6264151dc54b9a036f5ee05d9ff21c8ea894ef83ee

Analysis

max time kernel
483s
max time network
459s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Zorara2.3.zip
Size

25.9MB
MD5

3042ed272e625ed8a2117cc9f5d5b786
SHA1

35b5b18c57cdb08af82000ed3fdd5ddff1f2d7dd
SHA256

2f7c22b6957a0ef65db82f6264151dc54b9a036f5ee05d9ff21c8ea894ef83ee
SHA512

df9317f7bf536d722db54661e773919d0587b21ce0020953d66d5f09efe740c276648ab257538661a74cac3e90db0e0930796011959b486c6a3cc3da93d0fda9
SSDEEP

786432:aHmMXb9teNgZs/1LH7en4LNNeLoVvv4u7ry0:aHmXv/dKnSXeLk34u7rv

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 15 IoCs

pid	Process
1472	MicrosoftEdgeWebview2Setup.exe
1776	MicrosoftEdgeUpdate.exe
4292	MicrosoftEdgeUpdate.exe
2312	MicrosoftEdgeUpdate.exe
4368	MicrosoftEdgeUpdateComRegisterShell64.exe
3432	MicrosoftEdgeUpdateComRegisterShell64.exe
760	MicrosoftEdgeUpdateComRegisterShell64.exe
4340	MicrosoftEdgeUpdate.exe
208	MicrosoftEdgeUpdate.exe
4212	MicrosoftEdgeUpdate.exe
1548	MicrosoftEdgeUpdate.exe
4352	MicrosoftEdge_X64_128.0.2739.67.exe
2708	setup.exe
4960	setup.exe
2928	MicrosoftEdgeUpdate.exe

Loads dropped DLL 18 IoCs

pid	Process
1776	MicrosoftEdgeUpdate.exe
4292	MicrosoftEdgeUpdate.exe
2312	MicrosoftEdgeUpdate.exe
4368	MicrosoftEdgeUpdateComRegisterShell64.exe
2312	MicrosoftEdgeUpdate.exe
3432	MicrosoftEdgeUpdateComRegisterShell64.exe
2312	MicrosoftEdgeUpdate.exe
760	MicrosoftEdgeUpdateComRegisterShell64.exe
2312	MicrosoftEdgeUpdate.exe
4340	MicrosoftEdgeUpdate.exe
208	MicrosoftEdgeUpdate.exe
4212	MicrosoftEdgeUpdate.exe
4212	MicrosoftEdgeUpdate.exe
208	MicrosoftEdgeUpdate.exe
1548	MicrosoftEdgeUpdate.exe
2928	MicrosoftEdgeUpdate.exe
2564	ZoraraUI.exe
4008	ZoraraUI.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\edge_feedback\camera_mf_trace.wprp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\identity_proxy\dev.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\identity_proxy\win11\identity_helper.Sparse.Canary.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Locales\ga.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\wdag.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\VisualElements\SmallLogoCanary.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\gl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\sv.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_sv.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\nb.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\identity_proxy\internal.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_ms.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{894A9615-B088-4D10-89CA-76D68F1DC252}\EDGEMITMP_BEDD7.tmp\setup.exe	MicrosoftEdge_X64_128.0.2739.67.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\is.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\EdgeWebView.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Locales\sl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\fr-CA.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\kn.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Trust Protection Lists\Mu\Advertising	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_is.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\tt.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\vcruntime140_1.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Locales\et.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_lo.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\PrivacySandboxAttestationsPreloaded\privacy-sandbox-attestations.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\identity_helper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Trust Protection Lists\Sigma\Cryptomining	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\psuser_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\VisualElements\LogoBeta.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\ta.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\EdgeWebView.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Trust Protection Lists\Mu\Cryptomining	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_sr-Cyrl-BA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\cookie_exporter.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\identity_proxy\stable.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\he.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\WidevineCdm\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\VisualElements\LogoDev.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Trust Protection Lists\Sigma\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Trust Protection Lists\Mu\Entities	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Trust Protection Lists\Mu\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Locales\as.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\oneauth.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\VisualElements\Logo.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_ca-Es-VALENCIA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\libEGL.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\as.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\identity_proxy\stable.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\BHO\ie_to_edge_bho.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Trust Protection Lists\Mu\TransparentAdvertisers	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Trust Protection Lists\Mu\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\identity_proxy\resources.pri	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Locales\ca.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\vccorlib140.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\Locales\hu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\dual_engine_adapter_x64.dll	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4340	MicrosoftEdgeUpdate.exe
1548	MicrosoftEdgeUpdate.exe
2928	MicrosoftEdgeUpdate.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702789023894533"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0B4C1840-3931-4AA5-A64F-95339D05E614}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0B4C1840-3931-4AA5-A64F-95339D05E614}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.19\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0B4C1840-3931-4AA5-A64F-95339D05E614}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ELEVATION	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31FB561A-CD57-4AF0-AE52-5652A86256B1}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1540	ZoraraUI.exe
1540	ZoraraUI.exe
1540	ZoraraUI.exe
1540	ZoraraUI.exe
1276	chrome.exe
1276	chrome.exe
872	ZoraraUI.exe
872	ZoraraUI.exe
872	ZoraraUI.exe
872	ZoraraUI.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
1776	MicrosoftEdgeUpdate.exe
1776	MicrosoftEdgeUpdate.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1776	MicrosoftEdgeUpdate.exe
1776	MicrosoftEdgeUpdate.exe
1776	MicrosoftEdgeUpdate.exe
1776	MicrosoftEdgeUpdate.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
2564	ZoraraUI.exe
2564	ZoraraUI.exe
1972	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeCreatePagefilePrivilege	1276	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe
1972	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 3332	1276	chrome.exe	107
PID 1276 wrote to memory of 3332	1276	chrome.exe	107
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 1828	1276	chrome.exe	108
PID 1276 wrote to memory of 2120	1276	chrome.exe	109
PID 1276 wrote to memory of 2120	1276	chrome.exe	109
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110
PID 1276 wrote to memory of 4384	1276	chrome.exe	110

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Zorara2.3.zip
1⤵
PID:224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:212

C:\Users\Admin\Documents\Zorara2.3\ZoraraUI.exe
"C:\Users\Admin\Documents\Zorara2.3\ZoraraUI.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa0f97cc40,0x7ffa0f97cc4c,0x7ffa0f97cc58
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4912,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4740,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3244,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=860,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5176,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3044,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5084,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3464,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5408,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3484,i,4012319184877062119,8687682079070270950,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3320
- C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe
  "C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1472
- - C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1776
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4292
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2312
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4368
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3432
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:760
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzVCMkZCNjUtMDAxRi00OEFDLTk2RjAtRDcyQUU3MTQyNzVBfSIgdXNlcmlkPSJ7RTU3MTcyMDktMzZGNC00ODgyLTgyMzAtRDFFNjZGNUIzQUQ4fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezQ2RjI0MjQwLTM2MzItNENEQy1CNTNELURCREIwRkVCMkMyMX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQ3LjM3IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzMwNDYzODc5OCIgaW5zdGFsbF90aW1lX21zPSI2NTUiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4340
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{C5B2FB65-001F-48AC-96F0-D72AE714275A}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4288

C:\Users\Admin\Documents\Zorara2.3\ZoraraUI.exe
"C:\Users\Admin\Documents\Zorara2.3\ZoraraUI.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:872

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4212
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzVCMkZCNjUtMDAxRi00OEFDLTk2RjAtRDcyQUU3MTQyNzVBfSIgdXNlcmlkPSJ7RTU3MTcyMDktMzZGNC00ODgyLTgyMzAtRDFFNjZGNUIzQUQ4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RDgwMEFBOEQtRTY4My00RDE1LTkyODMtQTI5NkUwODQ1OTcwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzNyIgaW5zdGFsbGRhdGV0aW1lPSIxNzIyNjAyNzI2IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNjcwNzUyNzgzMzc5MTI1Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDMyNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzMxMTMyNDc2NCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1548
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{894A9615-B088-4D10-89CA-76D68F1DC252}\MicrosoftEdge_X64_128.0.2739.67.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{894A9615-B088-4D10-89CA-76D68F1DC252}\MicrosoftEdge_X64_128.0.2739.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4352
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{894A9615-B088-4D10-89CA-76D68F1DC252}\EDGEMITMP_BEDD7.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{894A9615-B088-4D10-89CA-76D68F1DC252}\EDGEMITMP_BEDD7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{894A9615-B088-4D10-89CA-76D68F1DC252}\MicrosoftEdge_X64_128.0.2739.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:2708
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{894A9615-B088-4D10-89CA-76D68F1DC252}\EDGEMITMP_BEDD7.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{894A9615-B088-4D10-89CA-76D68F1DC252}\EDGEMITMP_BEDD7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.120 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{894A9615-B088-4D10-89CA-76D68F1DC252}\EDGEMITMP_BEDD7.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.67 --initial-client-data=0x230,0x234,0x238,0x208,0x23c,0x7ff6c07d16d8,0x7ff6c07d16e4,0x7ff6c07d16f0
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:4960
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzVCMkZCNjUtMDAxRi00OEFDLTk2RjAtRDcyQUU3MTQyNzVBfSIgdXNlcmlkPSJ7RTU3MTcyMDktMzZGNC00ODgyLTgyMzAtRDFFNjZGNUIzQUQ4fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezc2QzBBRDI4LTI1RDctNDc1Ny04NkVELUVEQ0Q1NzA3MTZGRX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtKN1ZpWmpiTnl4MUdWckhXK1JkL1BnVml6bkYrdHF4aVV0V1hvRnRJaGZVPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjguMC4yNzM5LjY3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MzUyODc5NTU4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzM1Mjg3OTU1OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MzY5NjI2OTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2VjYjM1MWY4LTVkMzQtNGVjOC1hZmFiLThhM2U1ODA3MjJkMz9QMT0xNzI2NDEwMjg5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUt4VkFLOW11VzBRMHhWb0NoZURRZ0dRTDYzWGU2d2hjRGllWHBWM3ZFaGNQZ0lMcmtYeGRXa2FDaHZ2c3hxMG1XVzhwRXF0aXVCbHQ4ZSUyZlhiRWNkWFElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM3NTY1MTIiIHRvdGFsPSIxNzM3NTY1MTIiIGRvd25sb2FkX3RpbWVfbXM9IjEyMTg3NyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MzcxMTg5ODAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjUxMjU0NDQzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MTAxODc5MzM0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iODQ0IiBkb3dubG9hZF90aW1lX21zPSIxMjgzOTIiIGRvd25sb2FkZWQ9IjE3Mzc1NjUxMiIgdG90YWw9IjE3Mzc1NjUxMiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDUwNjIiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2928

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:1972

C:\Users\Admin\Documents\Zorara2.3\ZoraraUI.exe
"C:\Users\Admin\Documents\Zorara2.3\ZoraraUI.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2564

C:\Users\Admin\Documents\Zorara2.3\ZoraraUI.exe
"C:\Users\Admin\Documents\Zorara2.3\ZoraraUI.exe"
1⤵
- Loads dropped DLL
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.67\Installer\setup.exe

Filesize
6.6MB

MD5
16dd69461337762007690317e733734d

SHA1
235528177001b7b413ae7f1af448d9867b4045ae

SHA256
e3a007015a353cea188804336cec71c961c7dbd3c89cd588818114ba66c806e3

SHA512
ed60676bdda50480d655cb1cb7edcf7d25355b9d40ec3b3906995d53a9860b259c77974d6f12e49e01e95997cc8d7ffdb4b441f4dab1992de11ee269f262f701

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
3a6b04122205ec351f8fbef3e20f65c4

SHA1
ba2e989a1f1963652405b632f5020e972da76a8c

SHA256
7ba65317643fbc0d03195bdeeba318732823a91ef27f62483d5fc0ed3fea4912

SHA512
2a0dbc91e79c42bf934ce7ab41ff6ed900322706bb71ffa1f3ade4ad85e0e1de2fa31540e1f1e0e979ad749c84343563ebe341585965f2f3a62debd6b4ab0cb0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
b0d94ffd264b31a419e84a9b027d926b

SHA1
4c36217abe4aebe9844256bf6b0354bb2c1ba739

SHA256
f471d9ff608fe58da68a49af83a7fd9a3d6bf5a5757d340f7b8224b6cd8bddf6

SHA512
d68737f1d87b9aa410d13b494c1817d5391e8f098d1cdf7b672f57713b289268a2d1e532f2fc7fec44339444205affb996e32b23c3162e2a539984be05bb20c4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
1d35f02c24d817cd9ae2b9bd75a4c135

SHA1
8e9a8fe8ca927f2b40f751f2f2b1e206f1d0905f

SHA256
0abf4f0fe0033a56ebdaff875b63cc083fd9c8628d2fb2ab5826d3c0c687b262

SHA512
17d8582c96b22372a6e1a925ccc75531f9bab75ebe651a513774a02021801d38e8f49b4e9679a9dfc53ccc29193fed18ab2e2935b9b7423605e63501028240e9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
262KB

MD5
e468fe744cbaebc00b08578f6c71fbc0

SHA1
2ae65aadb9ab82d190bdcb080e00ff9414e3c933

SHA256
7c75c35f4222e83088de98ba25595eb76013450fc959d7feefcab592d1c9839f

SHA512
184a6f2378463c3ccc0f491f4a12d6cac38b10a916c8525a27acd91f681eb8fb0be956fc4bdb99e5a6c7b76f871069f939c996e93a68ff0a6c305195a6049276

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
b0da0a3975239134c6454035e5c3ed79

SHA1
fbea5c89ef828564f3d3640d38b8a9662c5260e6

SHA256
c590d1af571d75d85cfe6cb3d1aa0808c702bcefd1b74b93ea423676859fb8ba

SHA512
5fbfa431a855d634bcbef4c54e5cc62b6435629305efee11559f66473c427ad0775c09364d37aaa7a4a8a963800886f6547a52ae680a1ff2c4dcc52c87d994bb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
c54dfe1257b6b4e1c6b65dabf464c9fa

SHA1
aef273340160af0470321e36e9c89e1a858e9d39

SHA256
0c426d4d48efff328a0da5497af24e83892a2ed1d6397a6dc42f9548a24dbff5

SHA512
58ae24dfc6045ce1f8ed782a03cb3d02c10b99a2992b9326711fb8700c8e7d05cfbca21e9b47cb4b1f4f806a9bb7667672026c715aad2f175febb6ba2b5f95db

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
ccdf8ae84e25f2df4df2c9dd61b94461

SHA1
64cd90b95a17d9ecf2a44afc0d83730b263ba5fe

SHA256
816c64b37e4c42cd418d05bc34a64e9c4acb4ce08b2a18ac5484374ca7b76e76

SHA512
242a8a93326d3a5ea1fd367ef6cc2b343f08f4ff68d88d91044d0ad7fce490f47524a6e57940991ff0893a590459e96c588944f2b115cee703413ca594046f7f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
3374d9bc4467dbdeaf50bbd5a26edcfa

SHA1
6d7bd73ad27148bad7488959d7ebea22b6805436

SHA256
5c8a8755cc0b1213fb0d5b57e10a53702f2091479d3c058d0c756134e548c685

SHA512
c0c02e54d7e0060b6ffa5bedf8d79cf4b40f77711680d2161b5186c5a8a10e521169dfa7ab6b8e4816c98e4aefd136f209a40c78104cb618c21105e095537719

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
87e596d8f0ac9fbe2d3176665eeb68f3

SHA1
1c9364d55b4844cd250504abe30dcff9792ee576

SHA256
c39669e004facfb0c500788747a4427fe26dcdb50ae695562e6e417f4eb190cd

SHA512
ef3708632e19332ddf460e081f8444ff8b4ec483c6b3e57f386df66d5f62d222b1d3f9f3728928701a6e48720133133c43619858853585a7d70b7bd5d8cf847e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
ace0925ded0a4507d82e6d32a77c50df

SHA1
c760ff52c71de3080631120c6992dcd0ac4e37bd

SHA256
8e3c517bfc5986310c35f30b9681d9c919a7d62e299014410132ddc2b41f00b3

SHA512
8adec80e179f205d0571625c1a63a0188e6533adefd48691f2fc287a546c12249c2126e6958d1732fa8847492a8287723a0196fbc0f2b9af3c54e1ab418cc3e6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
aeb3a05ce4eecdef3d23dbc0094fe21f

SHA1
e2a5c49b4d0fddcad28649bd09d0cc7af4c0b2c8

SHA256
6c874a312ae57b8b0deac8457a200fcfc90aceaaa252628701c92aa8b9a823e8

SHA512
4a7fe6cf8300b394d7471d9a2d759ebed59690ce925270d6ceaa4e14ee06f01b67f8219559e9ec917477f4c5aae03329ae2c6e231f3fd41c645d02d26b29f367

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
afa21b2feee2831c5478e113ed814b76

SHA1
9e883c990a31b8cd0ed2f80f732f404386cc55d9

SHA256
183bcae9e143b78d04c2ed83ab6cac8cbd82f1d2bcf7bbb2506886a3925ac556

SHA512
294838c67f6d87fc3b4975c73d24e1c38173c8ad4a14c215945e9910ddc306e9deb0168f38661c85b5c77929fcbf56093f632a35c1b39181203fbd662d71f7f8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
8e0ff856270ca13f8c07825e39ae3613

SHA1
b351f8ae0cc13d97d201a268990b75fc9e6cd422

SHA256
18cd8ed69df17e1bcb517285caa88c8a73e093984fecbea2587e7144a8812a73

SHA512
25f3821c20aa222a28143951c9f370d3feceaf41e449f718640dce9af0e88e518bc40d2d02f5e64148d8909feedcfa6a8caf65a87ad12637a8bc13c848b1f178

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_bs.dll

Filesize
29KB

MD5
9f4c9469ef1930ec3ca02ea3b305e963

SHA1
e588ffdf150b55bb4ba38e2aaf175aaf6e1826d0

SHA256
fef14de38a4501cf538c89ca2d1ec389031124f69df9090df94fb4461e54ad58

SHA512
c166189ad76cb395a2aeea724f2088f42dd4d361518856166fb92b3335b8fc670e99eb7b1c4c9ac2c872c8283826cc2c88009bd975e690efbcc3d99289557e96

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
2e9132ee071ca5653baf90b9b1ea382e

SHA1
8a0c1e5a0df6432c50539d68caf697b8adaf1556

SHA256
adf6e6542f1422c431ef92a209886224fbb53b5c67e68ac070d5c8a4c6ee569a

SHA512
0b021758117109e4414c7ef37356106a96b68536ade8d3f1d1fb3dfce7c1132ab6fe02f7292ed225c09814a9c57124f731fd35069d220760678eab565f320976

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
917c18cfa84c8b8e83d8321f03be093b

SHA1
c0a4a743f4059183724fc8c26e84b5a80bb2f7f0

SHA256
6c56355b232c3bd35f397f99648c020733ea2d57db1cd4beafffcd962b896ae4

SHA512
03359c6104e9f0cb2d66b6f1bf5598b2bb00d9e7a62fbd0c5475ca67b5194e96c2e6053a2a1c22323ba0002c614caab0477597fd34b57dd1f5acdb19f70c0854

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
8b49a989a56d4a5aabd0a03f179ed92e

SHA1
ca2f84217c867eb853830e95c7717ce35bd997f9

SHA256
849e23c2f53d06462bd0f38e9d7c98e9389486f526a90c461c04c0aa1db7b7be

SHA512
f4861ab9200db234550cd2e355ce200b7746c614e9c326287c0509d152f29d41d7a056e4fd27e3150cb433cd0234c4ae1cbc0c3a8b5892ecb3e8d4632a985aa7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
1146f59b139b9d810996a1bae978f214

SHA1
cc9d54e6e3ce1efc4ef851eba35222547b996937

SHA256
7b5ce6c7fa03e69a93694fa59c61be88b3eb8cd8951790f3bdd7cba2d99e6b83

SHA512
0c94943646b0a08662eda2d236b7c88ecec0745faff5b9c6097f68e73a20059f8d2de47a9c00e58c6d2083331a34a0fa19b0964f3c62a6b8cfa02bc1e283e75a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
08fb61cf492ccd1236907af7a6b1bd4b

SHA1
9f6e0f7610d42f8a402d3adb7b66374f4d0f3cb5

SHA256
d6261d4bd9ce4011caee1e0efefb5685a5bb5e29130ad8639e4578fc90027631

SHA512
747982680ebc9e3c0993a69923c94382df6bfc113ebb76d31f65f9d824abef1a051a4e351f0f42296fd84e7663fc3bcc784da51dbce0554c3a880ac2258aa16c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_de.dll

Filesize
31KB

MD5
970e46bfaca8f697e490e8c98a6f4174

SHA1
2bc396e8f49324dee9eb8cc49cdb61f5313130d9

SHA256
eeff2c2487c6456e6a3ed43fe5fbb9d3b72e301d3e23867b5d64f5941eb36dcb

SHA512
789f29ee2c34d86da5c69225bb8b2fd96273c20146126c28d3d36a880bbda5b16ace479ce59aafdf645328255105133f489278023e63e04e9fa1fb34cc1f3ae1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
3d22a75afd81e507e133fe2d97388f2e

SHA1
f7f68cb6867d8c6386438d5a6e26539be493505b

SHA256
823fe6edc1fb0ebdfb8ebbaa2d36f6dc0424c8f26b6594a390ae0eaafd319ab0

SHA512
34a62ebe8d057a6f6e6f6b2672ebb95d4d7c49e739f4beee4bbfb5e917b7176aba4d70b0e84bd727c967d0885c08264dfb42371fe0d3fe4f8f12dbb1e26ca69a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
fe685e8edec8a3b3c16e7954b787e118

SHA1
ac71544158bf86d357d78d003f5ff2b4b5fd4ef3

SHA256
4b60ce6e3c8f725ad8e88cd0d0a3f0155a7145915670a532fe1143fb2dfbf49e

SHA512
e30d12a607d1c6fd2060ab38f443af680f8c8655900b0a21f3f0b488033f9300915667bdfa59ff4fd3488f58ac52c7f5598ff5078bf849bd177d1d8c10533f04

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
be845ba29484bdc95909f5253192c774

SHA1
70e17729024ab1e13328ac9821d495de1ac7d752

SHA256
28414cd85efe921a07537f8c84c0a98a2a85fdbd5dfa3141e722ed7b433d0a96

SHA512
2800ec29ece429151c4cd463c5042492ac24e82b4999a323607d142a6e1a08cb69258190a6722afbbcfb3c9cdc6eebdedf89ee6549e0f420f6fbae3aa0501fd4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
dc8fcfbcd75867bae9dc28246afc9597

SHA1
8fd9361636303543044b2918811dbdab8c55866c

SHA256
3deb382ffdfbd2d96ff344ec4339f13703074f533241f98f0ccd8d3f8c98f4bd

SHA512
ac8fbf033677a6862f3d02cf93bf1838c24f006b40fd44336ae13ecc2287ae4c733cc3d601e39556586131e8a9e2d930814399ac68165a26458a6cbf51b11d32

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
9c0ef804e605832ba0728540b73558a7

SHA1
a305f6b43a3226120d3010ca8c77441f6a769131

SHA256
626835e07c1fc4ab670127682f3e5225881a2d4ddea873c5271e9032668fa641

SHA512
c27a4b24600bdd33a4f9430e8d4d8f7f3718efcaf2d1ec36023e34b996817af79b5a9baeea1506f97d2716c9b2b5509bbc1bf4d7cab779554eebadaa8c942dfe

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
111118683f6e8ed7ceb11166378aebb0

SHA1
fd3e1cf198885ab5d9082d540d58f983d8a0f5ff

SHA256
5cc4930c50716138e25987baacb9a9aed7d30ff5c0ac927e35f7fc006f5179c4

SHA512
cc3480f05d8d59d3d705204e15ff6453a6d9c77bdb1011d069bb1f83b3d4e14204f19caa7e7ecbb6e3ed92d429ac46940791903440fbfeca2f7e7e12b9a47f6c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_eu.dll

Filesize
29KB

MD5
c0da1ad8854f64b7988d70c9db199d5f

SHA1
b184335283bf0026615f2a4a120fda87961c774b

SHA256
73190820d59e5bfe769b82ada48b0c9ed353524bd5cab303f5175d7d9bbb74ee

SHA512
424ef2d0ceaba76b64c3349ec1ff5088cb8aff9103fb38da238c80e6452a967f3dca09860b2b8fe9c01e20bebadc539960a5bc241a91bab98bfedf29c2f777ea

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_fa.dll

Filesize
28KB

MD5
c4cb44ee190c5aa8dd7749659437e5cc

SHA1
667f4aa01a4262fff2e01838f94330c0ebc285a2

SHA256
dc184d54d00d51d2f8de623c0c4b07e9408f7b02e1f1085107edaf14dcbee136

SHA512
0330d733e89811c4a89deb202ec517de3128ad266483f37bd8d91eb6e45336febf7297da4f3465c683ed1b6e08114d6a3f52ff74484276509b9816ae7dccbb10

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
a9b037f7bc8f5b382bf6c69b993dbeb1

SHA1
7beb733f3561ac3083a3dfca3b7644c5154e1330

SHA256
b498d1b38a81199b62a98a0e36aa9e955e1c0143436908538314089c0e59d128

SHA512
a63c1e1a4d8d2e5043e0cdc420d1c545b0adbcdaa1a65f09454d47cc9642c1ffcb16e76454e90c75fd88f29917024b11418a606acbd560a98b79cd8631186332

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
6b2319c3634103272f39fc71d7f95426

SHA1
a1d692a68c5cbb70d29a197ec32c9529c15a0473

SHA256
28c610ba7f8332be050c30e296acaee423bc0a7a9cacc7b3d60618e284ff9cfa

SHA512
51738dd14b410c689ed56530ac555824c773bcb163f4dbaddc86e684e04c1f06271001f0b2bef7d6231f17231b2e3e35f9aba2974c48eff6d1a8ab877e5a6031

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
8e1793233c6e05eeaf4fe3b0f0a4f67c

SHA1
97697fe9ba6b3cb5cfe87bb94587c724ed879c3b

SHA256
b9caaa668b71964316ee15e6e49f8ae81e5ed167fdb69fc31bc6df834ab4e7a5

SHA512
3d2fbf5e05e7b9e21c85ad7f59db9556046e4c1755f0b138d6de38eeadd3480e772e35798f9339aa7daffbf92afbc385f9c0bb4e4f5c65292dff3b280f52bd6f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
5e63ac4b5abe6c84f305898a0f9ba0bb

SHA1
e70baf6f175c297a9b491272ce8f131ba781553c

SHA256
711b5968d2116d7e97aa5852ec864db35d3c186f341fb024cd1ef4525256131a

SHA512
c383e4df4337bf9a66f684dabd2faa95cb49abb424c76d0603f91af7b7260be5b2877246da293d5df83fdb59d291d63a7d73303c34682a50ea84a8fcd7d6e874

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
f7b123f6dd6c8d8832a8bb8b7831e42c

SHA1
7e9524b79036568b2b4446ee00c76460fb791c6d

SHA256
119b9e288832f2a4d47d63b693bb195a72f27e9c0aa014b2c3ccd5d185f7afc7

SHA512
6bd457d1e3f943a4ca5a1d36907fe526a4f2965a8411280a2988ef1d264203af0797365c1306e7ce103cabec2ead17d194f20848b4c665e986705c3ed6e291c9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
6de337fa9f131077042f7ce421a9fa42

SHA1
25e21b64cdf60a1da2f940b3c873eefd680a5fc9

SHA256
263e07308785bd7e510eda95499ab3d3d66942f0bfd0a5722258e2a87b5d0a90

SHA512
e747fc105c4ede0d4f73492e3757975a9410499caf867bc149cd43bdbf1be03d3df82fe04c7cf99e3ad6ee06fb5011fc5b069bd502c2f3b3e578f587d0362e3d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
be03945025cc2f68f8edd4e1ca3c32b7

SHA1
d4b1c83f6b72796377bfd3b42c55733eed8fc5e4

SHA256
aa95c108db3582a4be98fe83519aab3fed09c8cc9b326469edb89871d6562373

SHA512
a03656acfc123f06a071f0e326ce15bf17e2efe080fa276acd50cb40e35000d74a3d0762da327c59a7564bb3f03532bf04c733ae850852f62ce71fd513e9080a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_gu.dll

Filesize
29KB

MD5
951dfd4709b3fdbe79a6e43828387592

SHA1
0c7bbf1852135456692970639869618fb616ba5e

SHA256
21c72dc48cd33291520e3f432d8d59ec103496ab6508f41fa1b081b3bdf98bb8

SHA512
b338c345db00135ceb3577a67bcbc36b37be742e39aa6a333bac93ba20ab1463df55a381be95c9e9effaed4daa0ce93203ff2994459f9a23813dc0afdff03e8d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_hi.dll

Filesize
29KB

MD5
6b97796e1746317567ed7cffe9441d3b

SHA1
dd269b22021eb37fe854ff181a09bf7f9568f7ac

SHA256
a4ce75f6b1de6a2500bfd6b0ebc1c268cb3d7080dc9e7661bedd9361f7215d42

SHA512
f1856ac881de7acb7f61f2d7c1d064458855c3621fcfa951f1d1207f3d85fd6f64b26547ea1391c4145bdeee23e6611acb2fe80b8c1258dd108085e371d34d73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
8bbd58f9644187747407b0a18c60aa0a

SHA1
82888f3f2ce1dd7b9b3f5ac26bed0a6da5601dff

SHA256
35008c4ea7f22ac78d28e72311d4b3fa28d6af24072fa94558a9b3771a4b545e

SHA512
1fa7d62692062c1d22e3fe0e5c15bfbb2def115be2991001a998fcc6bbb5983d9343b06172e8f38b245587b15762b655ef58ec508160b576779963e5889efca8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
e56f98d6b32f82f391d5b087a135a7ec

SHA1
c8de62b4b22a8153cb788e03f7e04c55a5ae5396

SHA256
236252a34d2efdb4e801bd827a791935aadfe6c0a471f1b252d9bf2d291a6bae

SHA512
45b9933478505759e7217a65e3a054885841c5ae9bc58983c6cb216ea2a15c53f45ecfb6b40fee07d54c289819ddc2161a651e5183e244e0f43946176f224c8a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
5b5366c7779dc9ce9f3a15b6f22289ac

SHA1
d9995fee337b9696be970a2a48a845ed71bd7d2b

SHA256
da6d5c982387286396f54c043bacf106f78fc76db4a33984c8b2cb88882fc9b3

SHA512
35362a3719833449bd9e757194f9b0b28c3d68a0c62f52d224b1cd5eca5a2343e1db868668e2b30d927a1966b5db5cd0b2230d7f4576627e486eb3a86913b195

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
b675cc1f6f5f174c265c0887d9591915

SHA1
abb182cfbe1d5723ecc380c5fa08b24c1f421af1

SHA256
c012110ad65f8244494ef2aa70696128a949fbc5797e5139afa7d4195457df1f

SHA512
be1b23a563a2b4f6b658df3f8075d48bf3921c5951a6fbe77c24a0949997e068403f5bcaa3f93030b01d7a69b1aa74ce06f37038c30145e03a9822f4854f7c0d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU70E7.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
b8b03be1e73e1ccc0df159c48e875038

SHA1
37d1b2216f1e90a69b1be65b2c4f0f5f35e78aef

SHA256
4ee8f48af5136fb80f5d031395f92abb2b3571fdf7c4c98ae833c2ee74c49160

SHA512
ef47c8c0f8aed7a4d912986e2a3fbc34b54fdea25b006bcb63d502a6cefc42bca717a93e16ff1c137892a91b894ea15d95a53dd3b52b850bf1a75ec9bd7b3013

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
40dfbb4790ac60a4a905fff87818cb19

SHA1
3e0b3738ac732d56653062c09f1c5e245cdf7ffa

SHA256
4a482713ccd9c1d5a31b7c3ba6b545cdec240d9471eebfe75bcc5673bddb9f72

SHA512
94268577192014c956a0eeb20f6f694b09c71ed5005cb1ca3630a3e5cb4d6edb35c2384b746d92268a5028699f11dce58924271e703baa2f2cf90620e15ef5de

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
60KB

MD5
9d151ddce274a61e2c241b8097de35f5

SHA1
18c1eeb6d9d99f85976149a05954d1363e29a6df

SHA256
7767b2fbeb5ac15b5b2f3f546942765f6ee4bf305c3af20d5b46d2208910cdb2

SHA512
192997d160f74138bc595b82b68e28c552467b0d323436519e75042638b6f540866e25a7d6fbb08bd55f7b63e26470d03d0bf64d95245e3db795f45ff7fe9adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e05978543f19cb36f9f0879f3ebc387a

SHA1
01b3844a3f7946f40bb9a0045f5e3b06ea504c2f

SHA256
01b3040c0b28c9756d9f22de81738a1d193b47fd2a316d562aa475869ca4560a

SHA512
dd7aca15dced0eaf38742360916391b69629d435dd3e13037bb6c7bdbf8cebc26eb817184a4112a0b26ac57b3ded09fb76313ed9863273666cb2a6d0553b74d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
037ffc9ea5c5b1d1f745325627ea8376

SHA1
87468a8b80172810212207508f358d10878b7d1c

SHA256
288a8ee1e7718063d4f54a8801f2ef105ee116eb81a4f045e6a7b07575cb4a9d

SHA512
1acc1bf4bd879c1583ad8f53ceb3f99c7df63aa87deefb357386499a8da84b0fe24d21adc4d90de066883b06559b2672e622479b2cd0951989ab1710a3b4c25d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c31835cfa43dc99411389db898ecc211

SHA1
d4ccc1447da3aaa9843c286679b9042aa867ec03

SHA256
1cce2585933c63114f460ff03c16962ee18aa37b6a2857f25654a85dfbac6be1

SHA512
4780e75f4231516241dbbf2ce14588550bb525c44446cd05554be783b712a46ee120c79fac4b066d5023d1c053816f9325bd0d1a08e67f0c0eb7be5a1f695d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ee9586bfa5249d0fc76fdb110fbc7f7a

SHA1
9a72ca6a6aecec9f7478c1639bcd59254d253784

SHA256
9dbd884f418857043295e0182d257e2cf9bb581912811c1f32eab9f1f62fb026

SHA512
d2cadb30e96ca3a17b968080459cf6a6a45737a9388c386db281cf7d7df606b161e0b8b560e2cc26cb9c8440270382edeef3fe51dc131b324b86fc4b200d7402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a0065a8675c9729d8b87b12898d053db

SHA1
00b0d1f5e790680a44331d42bf472b17c7dc6189

SHA256
6004848bf598d431d365ec2ece64d59045d03ed543ad588e5c47be03d3c1ce83

SHA512
2cdeaa23c4ee574e4e6312a16cb81db5a7781dc101761a1a071b200237bd120fb55a0f3e7969d1ae53b8c23bce6a8bbbf83625f944eab35ec2d865ccccddd303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e97585670deac231ff7031c805ecfa91

SHA1
6a49cfe484b9c16d543927b929b1d7a8c53935a7

SHA256
daeca6306d35457bf729b6ccf446ef5287663830bfbf370f6ab0f281c230eacd

SHA512
6e67e55c171bfdbe8e0f64f1ae5e6b3c6ca39a9d849e481f21a24b8b5979903c27ecb9e33775b68f1464e57c74edb1aa550330a7465569675c4eecd059548877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
31113d21a99044f3dd52a60f1c400d64

SHA1
05bcd7197df220d855032f36da523f0a448120b8

SHA256
ee3e6ac1dc966586a48850c0da4847361978eb2d75acc129ab35829ef0cf6e98

SHA512
551519b0486024489c31fbb998dd36df85eb567aea34a8ed157a502e393d2632ccf6409e937101f671e927f58d64f84eb453a1cc29995424cd51613061f564c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
14a7c93cdfbd77451e36c16cd5b8a771

SHA1
a2b046443d45ebb3f3936663d1285a4da58e008d

SHA256
54f1a53219aa83b32632a9b6eacc0e911d0d28f9672db15d0d10d7bc7f274b91

SHA512
d7068cc608721984029061218782f4e5f8acd97bcf2cf52c757f73e5981f70313d080c8f8442f9d0e009454513c164db74b9490ca97952254def9342a3fc5d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c88ea1cda0ecc4030c92083aca1122d5

SHA1
7f383244582c30ddb8f8ca6ebb1a3433e5518ce2

SHA256
1cd334993f9f34553e559c26a5bedfeca78b612d6c38ff800d5a5e556edb8a94

SHA512
b84826e74d895317ac829f239cc49bb1027c0f1096d6b054a590a5958862f503b882208899c354067183bc50693ac3c81a211cdeb190a034aa3e7d1483db785f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
edd37cf4f41eeec222e1c73dbd328298

SHA1
1010d862d5c0e04d0d5fee99aa22ec3625a97816

SHA256
61927aaed0169af7f4e2570ccea28297349526478f9d2a0f9357da264f0a057d

SHA512
7137ac0d52266ebc08f88f4b1685d5c3fc94f9eb8d58a9bf5599f5087c4090d95619d9dc9bcc1a79051bbc23d3b974c5c0bc6e388f1d88e09fb3c702eff4a05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f688f10a4b537b43f414b00a1dcecae

SHA1
c1941b62db7ecbd05f92172809a20c523b544a4a

SHA256
e13b830d6cec989332a1a44c3109ae8bb14c20d22d9cd1b38c5bbabeda8e2212

SHA512
b608862b74a429233e89981a6a4be40235e61ee2cd05c011bfc1c7d64c9b4cfaa58d8c1264e0f2d815521815f1cf6a11227fb2990244e6ab2731b83097793231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
3f9bdc4d5f43e3f4955a2c1c22224cb8

SHA1
e186d2e8efcd3306228ef67bc76466405a2f0486

SHA256
229397f36684772d2259ef50ec43dd146ac90b12e121810e0a81b577d0207316

SHA512
82ac726ffd01e8efebe953e734b10633ee12a67fa93089cc35d81a2ad29da036f88e4278909e6dfdc0f4cda9c61e26ce77fd223f6b39032953709514b8e91aee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5be6d6bbeafcbc9ee01db22838045d5d

SHA1
fd603ebd7fc7d7859754a1ce870554717b33dc89

SHA256
b17f4cedcdb9067f93a62fd7c41b8503d2b896453cda7292cab4c936497711d9

SHA512
6650a4851ab660c2c91a84afce010abcc80636c4903f1265576f1f85e4c4427833120b541136c0ffafdc103251a991b58fe76abb7fa2b7605ba6ec5ca526bcab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b3270fc577da10c1d55a4c2b8741aaf9

SHA1
c6b9307bc14cd13ae5f5a3eb77322e258aa09df9

SHA256
28468ceaff7afc581843b5ac1e8ce72d0f40030433d957b6af8f283aa4a52b41

SHA512
a8dd4e2ee347120dde1e764a61f9d74803cef869e829f074f9bba5b61de05c309863f07da34f69a01ab14bc7802e0da9bd79ddcb89ae1cd192acacdc0cf41830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d96c0d7e92fea7ccce50c4f9be14eff9

SHA1
ce24c7dfa6a6eba9ca37f9f5e06d8b2f01fad3da

SHA256
bb32e9dd33746e02b3fd4b9b03505d4f98448584e6af19470e73441413d5db60

SHA512
3c5a6fb321de8455d0bf3b067a67b980946c24920ce90ab437d696b09a796a9fbed375d0064541f5f659fcce804f27e3465515dc1a36350fb29c0e1d2727ef07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
317cfd1eaf0451a5cf36fca3df6b4bcd

SHA1
1a318afa19a7005fe0106500d1c81c1b2d6d1f0f

SHA256
77003e60f1b9ab7caa342bc07dccbbe809410f25bec15f4f6f8101db0bd99b7f

SHA512
62467fb2ab0ac4e17831a6829e0ea3d11157b17ac7622953ffc8d6caf6c9e3067870497a21982a1e6a6dadee90ce9f4bca7ef97a648a4cc603374bd0f79bf126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0039297c690940b1444f9bd8b9990d73

SHA1
4c36f928852813948cd044b4d0e88d2bd2c184d5

SHA256
e338acc885cf3c3b7bcc8a1fc6384c40e2689cee53c38768691bb858de6861c1

SHA512
ab165daefd6d0beaad1828dee616210a15f18b5a8b7d2124c5db8c7899ae9fd06247010f303b22cd0a983044a80e5a4624f72558d71fccd1cc56bef6b5695784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c67c780f04503aa4884d37bc58319ec7

SHA1
0ebb7e9b27e72e2301fd60f97ad176b4b614a402

SHA256
aa622bb6db0ce7776c4f367fd4ceb0b1ea02c219d6627c6a099a108f82f3667e

SHA512
fe5ae4a4447a429406001c86bd69e4a1958cf3da824924de46d5907d7723b1917fc5ded40d778ef9f63fc983a8a40d460014605e396b64099eabd55c69e89358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d26333e5496cff1023e5794a0c749b3d

SHA1
ddab43b83597bc9896adb475081375476d595b70

SHA256
b4291993d8ea358fd80f0b0f449a4bb22c2ecea3a141d1a0f8d092d676431ebd

SHA512
054c967c40ea90924b3746389356613d11576d6a4685594b4c1bd3e872f3ee1af27ef1aad019c032d06e15287a6b6da7a748067b80642726e95e684be029769e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0621539cce544e77bd2b3855111ad5be

SHA1
e425e36cb4bbf2899e64bd168f10479f24144037

SHA256
2bc72739f6bd93eec110ef58cefd1ce4dc3d5673be82154ae7195862139851b9

SHA512
da0d5e636c72b3939ee06e2aa8bec018fb1a92fb578d46baa7e4a63e010fa32d727750188f5c02ac4ad9151e410ed4273a53b91e2ebfd2d85d99f5c2c0040a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
977ae4deef175fad88271f7b24362a90

SHA1
3b5bb099dcaa1313726e16c6ca85338589c1d419

SHA256
b7fa9d0a562bb1521c63f6da06ae0aa3c91e1bd84fde7062751f08f21881c83b

SHA512
cf235fa04a829bc6a273c092b0811f036b718969a5221358cd529d0c9d7917bf241fb07a68c0665afc764d25d3ca9570ef558089c3a9344f1d295ebab97641df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08422de163d139fb8420acfbdfc364ec

SHA1
589e402d45b5b39012a6ecf25e41a55ac2d14c78

SHA256
d57624f613143d57b65ac3cccf72b4b393874993c3cab489b3791cd8584757ec

SHA512
979e083a4d05d4d60fe817b5bcb2b5f59b4231d1b36b8f8d0e6f379fde2a3a447e8981bfe26efa1a079a830e19835e980f9069fe49263684afc183cbd2b0c8b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1138f14382c7dbd6b366b0a390bc08a8

SHA1
75e8feedaa0c9e54d96d71c5c4417bb365042daa

SHA256
463035d843a4ff972b0f5b6d2b0693eec490eb6ac80aa823cad544afb6762a7f

SHA512
b3991f6a86bd662233ad643b9257c31a311b0c40f0bcea0429bacb9f6ff90ae985165653e7d34b07640de80a2a26b23499522ba7a3e92e053b3595c6911b5e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1e1331996229e8929c29af49bd0b67d

SHA1
aaa8fd4a2f7d4bb21d21aec3db156c8f99cd300f

SHA256
02ff740fc5a0d13c68b7784ffb79c727355ca3770a22bd2717ad2ad2858f20a6

SHA512
c221b7e8b9888a3f7619545263877d130bb5e987f9e4c04b9a9e365438ae24fb1ca25a275742754c36cf6714d0efb254611d3cef28b5b22044dac8ad7eadcd35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05239b68572f0a6016a8ed706236cea4

SHA1
5257e1e3617593a67ccb3bdcd794eec9fcf13870

SHA256
878affe681dc27573a8be20182e6c8cfff63a69d53f9a6b8c1f460c2574e3d6d

SHA512
a31f4bd2ad3d3d8e3a49e95acaca42677f66fef8f98d788c6f88d7c2be7572a8641a4e6d570c1f1cb8c4a1b2d147129ae03d433487992f551bb3a3d986b484b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7c6166b984acd1666c4e7bdb37ef478a

SHA1
92fa8c7f77ef7caa46300af8b2df1e34574b986c

SHA256
dd7286ca16961ff236eca2ba224aeb46449015147755268f1e20d49446de179d

SHA512
50bba47845b42c9937824915fe206b8642ff25166f2b315a78c014108761ea7296f58977d8621cf5eacc159c3887d157be0be5076be9ec4f075f100372b3f560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52eb7c8f1f327a9ba9ae9535b81a5798

SHA1
a5aace1140d3128f0e2184f8c4899c829f9b0a4f

SHA256
2a2adb2b419744d12adc1a7e66059284e5daa4bbd08694af14c50a800ad944db

SHA512
f0fa00b090bbe19761d61eea31f82c7a876757e705820d800ecbeeb0a6aa73589dca1c69f3f656bd7f644b498a553fc18b3e58f64622673794168e2ff96063a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5f67e9cef5ef716226970bde6c48fec

SHA1
1ce7f54fa046abc7c21469d9675cd0ea9f1efd10

SHA256
35b68f71c3eae8475fc167c987a53bb3ec2d4e4d5b699d313793319612e5dcb2

SHA512
d581b77d0cb98e6c327f53556558f5fa97be420d4069bfcb9d173738e9be17539b7fed7356cc0f363e66571b671cd03a2e41100c64093e75950e6871a2eb291a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a1ef92be3b139b22c41e86a3c4bb30dd

SHA1
0ee9a056342f2e81b45f8fdb1ca32f03ad2fce16

SHA256
119aa23ba2beab70c492aa573137d0ff8746de7592fa0ac6ace6693d36d025ac

SHA512
a356f5933379b2ad56ecc909e5cc0c624c9d6ff21de3200b70ed9ff73e4e5201dde7c72638120afeb0a05392b04afd4e914585f73de1fd5e03aee623f3c0d81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
075b5b7b7bc13003e9bfb6effb8fa347

SHA1
ce48d993f9c54ac46e85e2b6f3041733ba7cb5a8

SHA256
05e49cd4215078950308f6262ef9e0163ccd8958bd607eccd4e600dd9863f886

SHA512
ff55738ad5f38e0524920c16cf633ee17ca93f762bc7d42aa3208676e45fdbbee387cb6b2d13edfaefaa2235df3d06f2fb3fc630c28ec6f1fc10763ad056daf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eba2487f25aa467b2c5926f9c0dd65ca

SHA1
10057d128ab5abddec7c58fc99bf90d7c1050994

SHA256
c162f1cd13576e8936051a91e114bdb497cef46de5d049f8771ce1c971a28fbb

SHA512
9efd9545458c87067af646d6b4e83718e4da07fcb5c9afc7ad9ea59c295394d861bbcb39c1d2b3f2dfad3129474c7050020c9bee2643cbcb308daf97b6b2d94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1614149798436d21f3c100e80888e37d

SHA1
dcb73a935a637bd61c2b66330946af438d7122a0

SHA256
3f5a5d2f1e48ab567e8c4fabbaea4c595b7b09b474a891b3d1c3037a07234cbd

SHA512
4a1245916132503a8b4971530b8e54273cf52db6ec51bd98e53f04b167c9e6fb323579bf843d942f92fbbe41aa8c32acb77e839aed3d9758ca8a37531b67a707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4111917832be178b4ba0bd34338cfdd

SHA1
fdb192975e1bb26f2700a54a607007aece6fff45

SHA256
ebefa029c64e1d990b609bcb09b79db2ca829da04ed5c9f85175b5d573a39d02

SHA512
983749901e94010e5483648dd5a0a968ee63063e3f43288a2dcd74f5c3b760a71f30a1d21bb761c4381473a31ceb8aafe4b935f3ce924d06b442778f63c6dea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fc01a13b4a0a72c731b8a39614a6122

SHA1
6eb233822e99b8695556edb89502b45665acad83

SHA256
19e426b32c4a7fa727b4891a1a01394b058ab82a9d3ffc47affb2a8d6ecb042e

SHA512
93a8ec639ace05a0c612b41e79fa4fcbea24aa227a86071747d51e8003a2c3b4b2c474e6c2967891b8f63bc8913e2f3ba52e72b64fd4da77ab0816addd0ddb2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
77111660f55eac85ca87750815585202

SHA1
ca61076b71d4d449231f4488c56546a9c50f8370

SHA256
e1af3802c91323edf317da99b880fe48b5fd1b24da9dd009f3abd4cd4ffdae35

SHA512
76cf0372a9d073a4d07d6fbdd13fac0771e0aba7b7003f7468fddc55038d3b3ba9167a63069dfc934aa1433ed7dcf1bd0860da4d641382ca4f739331bf89640f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b96052edd38e3c88946630ace9d585c

SHA1
77382165a8150d0ae494534cd1ad8d2107d8c4c8

SHA256
9c596ccc4ef97f9d22af534c130dbff823006ba6afb326e780976caad5256d07

SHA512
3da2e93e3b9f3106e2167643c0c1b7c65a822e80f902b1e33a9003b85c56efb6a2447e21da409975e2f2a64f13e180ee55d17b04d5134d3cdc239ca2813ef1d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
745a85bfb18f272550fa9c83b3ceba9e

SHA1
52dcad46c38f3d76a342bc6f5a24309c1879eb81

SHA256
1a3fcc2aa290f71cabbe265934d239c0f780c896bbc50485c2d45de454346a53

SHA512
33e9fdad0a2713ac2cc65062197104ed4be19ab571937261b501faa8719cb7d199f7b3a6a7d7ce8d6ca3a7dcc1fb663585253ebb2af08c01c492bebfd0848b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddab0c7ad099ccbf0c6171030188bb2d

SHA1
a52483d6fc2ac036863dbd3f376c32e97cf0606b

SHA256
061c077bf45cd488245d6bf969b16181d1f05e485fcd92dd22428f2ea62715d6

SHA512
0b3a6c7b50119f0a2c0fc2e2abd0053292d17160276e8351fefe2002b54c52c30d0d140ca6399c43697494c46ed7c3d1435914d41c1e9fea88d16a62e5fa4543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee2d32c7dd826487443359ccec6d8eac

SHA1
42cd7137427792a6ba51ad42224e8120615f42e9

SHA256
bc79142121c41b5e0b3fa5be01e4ecbc33647a2bf07556b5e6e6caeaecfd01f7

SHA512
69e51a00e3ab4c76db1f0e73f3b7d6636e4fb9cfe8180eac40c2ad9a9bdd6c1e0732ad4cd01fc531bf3cdfaf3113d5a3bd0f4979043bce579058a7f436c2bbc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
91d56264f3675e7d44f3f2ed40655a00

SHA1
9b69f059f43132d04cfcea02d8f2b71ae724314d

SHA256
4f15152242cd3a11d0b06f23a104c65652de1ec7b32f1d5b513b25d6dfaabe8d

SHA512
022444c8e2a975c61837ec29fe3f5e302a2af4c90bce901cb1202eecc2641c2534823495d8bd5d920a1e2d16bf196588f0a359e23070c3c36948d4136154da02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
50ccbcf484f750b617cf1ff1477fbd01

SHA1
80945deeea96efc878d5a864b85b9b1a5bb2a25d

SHA256
5740a9bc247d83b359c901d3e3c8ae9df29aa14dd3eebfe72f45299343a0ef17

SHA512
da37aaa52c5b7587047f7ed1a2a99ee544b4b028d8f8af0268a6ea6fa3144d94dd92d0bd82beec9ba337451e695ef3338a04f0cdba1317ddf492382b8b1aed80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
01baf8a6532250947d59ca3055a34daf

SHA1
977b9f6d84d53bb32098a7b988ec88f059694529

SHA256
a6204ff8e86a9abde4d13871695442a0c06d8e48a7884f03c08e5d1c2f720f64

SHA512
12013cb5854c7c2bf171a20d187119e76c29524d2fed1e35f6cb2a585299a1c253b7949ef49e319ccdcc9b60a45307c0d62118bad69120830ac8288603016283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
4071b3dba0e8ce0d462063324c07abcb

SHA1
cf51ba72c30191f2fbd0d63d14dfad40d6f56b0e

SHA256
995e427b13793ea795e236c8d78c736c149330e307154f80fa2260158eaeb33a

SHA512
5b1d624c4e1da0be63611d0910c5537e191e666b40e5e631c7af7408daf24ad02f682b322c4cd2c92b81d6b355bf6b10f730c90fafd8ed6abfd00dc98efd434a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 691708.crdownload

Filesize
1.6MB

MD5
d2ebd82a5d3fac11d44d90d8df253bb9

SHA1
ba94b456e111ea9573fe150ad4090a66540c9938

SHA256
04b65aa7b23d0c7ebbd6e022a600fbc43c0ee896ed280e48ac59e17fb0a2311d

SHA512
49e9ef8066200cd6ec079943c1fbcda95cab2d3042f635ed57949e0c0701ecdf34ea8f16324994dc77bc3ec9fc67882ea88b4d543974e90bf4e8cf69b15e073c

Download Submit
memory/872-67-0x00007FFA2C3E0000-0x00007FFA2C3E2000-memory.dmp

Filesize
8KB

Download
memory/872-65-0x00007FFA2E180000-0x00007FFA2E182000-memory.dmp

Filesize
8KB

Download
memory/872-75-0x000002D0CE2F0000-0x000002D0CE33E000-memory.dmp

Filesize
312KB

Download
memory/872-71-0x00007FF9FEB00000-0x00007FFA00393000-memory.dmp

Filesize
24.6MB

Download
memory/872-70-0x00007FFA2BF80000-0x00007FFA2BF82000-memory.dmp

Filesize
8KB

Download
memory/872-69-0x00007FFA2BF70000-0x00007FFA2BF72000-memory.dmp

Filesize
8KB

Download
memory/872-68-0x00007FFA2C3F0000-0x00007FFA2C3F2000-memory.dmp

Filesize
8KB

Download
memory/872-66-0x00007FFA2E190000-0x00007FFA2E192000-memory.dmp

Filesize
8KB

Download
memory/872-64-0x00007FFA2E170000-0x00007FFA2E172000-memory.dmp

Filesize
8KB

Download
memory/1540-6-0x00007FFA2BF80000-0x00007FFA2BF82000-memory.dmp

Filesize
8KB

Download
memory/1540-11-0x0000019C62550000-0x0000019C6259E000-memory.dmp

Filesize
312KB

Download
memory/1540-1-0x00007FFA2E180000-0x00007FFA2E182000-memory.dmp

Filesize
8KB

Download
memory/1540-7-0x00007FFA05170000-0x00007FFA06A03000-memory.dmp

Filesize
24.6MB

Download
memory/1540-2-0x00007FFA2E190000-0x00007FFA2E192000-memory.dmp

Filesize
8KB

Download
memory/1540-0-0x00007FFA2E170000-0x00007FFA2E172000-memory.dmp

Filesize
8KB

Download
memory/1540-5-0x00007FFA2BF70000-0x00007FFA2BF72000-memory.dmp

Filesize
8KB

Download
memory/1540-4-0x00007FFA2C3F0000-0x00007FFA2C3F2000-memory.dmp

Filesize
8KB

Download
memory/1540-3-0x00007FFA2C3E0000-0x00007FFA2C3E2000-memory.dmp

Filesize
8KB

Download
memory/1776-611-0x0000000000440000-0x0000000000475000-memory.dmp

Filesize
212KB

Download
memory/1776-743-0x0000000074F30000-0x0000000075155000-memory.dmp

Filesize
2.1MB

Download
memory/1776-612-0x0000000074F30000-0x0000000075155000-memory.dmp

Filesize
2.1MB

Download
memory/1776-646-0x0000000074F30000-0x0000000075155000-memory.dmp

Filesize
2.1MB

Download
memory/1972-759-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download
memory/1972-761-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download
memory/1972-763-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download
memory/1972-760-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download
memory/1972-753-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download
memory/1972-754-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download
memory/1972-755-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download
memory/1972-764-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download
memory/1972-765-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download
memory/1972-762-0x000002CFBE0F0000-0x000002CFBE0F1000-memory.dmp

Filesize
4KB

Download