dce31792fe101a00f0d1a84f33f6bd15cd5c7d0d08d77c6dded73bc336e10573

Analysis

max time kernel
259s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 06:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

s.txt
Size

39B
MD5

a3ce2e687075623270e9cdf2d168ddc0
SHA1

4f7f87d8cd0d0620d9d4a6eed24cbd42d45b40a2
SHA256

dce31792fe101a00f0d1a84f33f6bd15cd5c7d0d08d77c6dded73bc336e10573
SHA512

0c4a78ba83edde020d05cf6c8cd5a57878a4444452f0952be591ce30d1f4845872db6453f89f6c8c5e8570f4da25803511877a69029da7318ad5225a91f1b6c8

Score

8^/10

discovery execution persistence privilege_escalation

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 12 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3852	powershell.exe
5736	powershell.exe
924	powershell.exe
2908	powershell.exe
3300	powershell.exe
5516	powershell.exe
5516	powershell.exe
3852	powershell.exe
5736	powershell.exe
924	powershell.exe
2908	powershell.exe
3300	powershell.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 39 IoCs

pid	Process
4716	MicrosoftEdgeWebview2Setup.exe
1008	MicrosoftEdgeUpdate.exe
2376	MicrosoftEdgeUpdate.exe
2192	MicrosoftEdgeUpdate.exe
1884	MicrosoftEdgeUpdateComRegisterShell64.exe
3740	MicrosoftEdgeUpdateComRegisterShell64.exe
596	MicrosoftEdgeUpdateComRegisterShell64.exe
3236	MicrosoftEdgeUpdate.exe
3796	MicrosoftEdgeUpdate.exe
2604	MicrosoftEdgeUpdate.exe
1380	MicrosoftEdgeUpdate.exe
5716	MicrosoftEdge_X64_128.0.2739.79.exe
5760	setup.exe
5780	setup.exe
6020	MicrosoftEdgeUpdate.exe
6124	msedgewebview2.exe
1320	msedgewebview2.exe
3884	msedgewebview2.exe
5296	msedgewebview2.exe
5076	msedgewebview2.exe
3648	msedgewebview2.exe
1932	msedgewebview2.exe
6040	msedgewebview2.exe
6052	msedgewebview2.exe
5004	msedgewebview2.exe
180	msedgewebview2.exe
4300	msedgewebview2.exe
3004	msedgewebview2.exe
5828	msedgewebview2.exe
3992	msedgewebview2.exe
4616	msedgewebview2.exe
4232	msedgewebview2.exe
6136	msedgewebview2.exe
2760	msedgewebview2.exe
5176	msedgewebview2.exe
4324	msedgewebview2.exe
4260	msedgewebview2.exe
5584	msedgewebview2.exe
2084	msedgewebview2.exe

Loads dropped DLL 64 IoCs

pid	Process
1008	MicrosoftEdgeUpdate.exe
2376	MicrosoftEdgeUpdate.exe
2192	MicrosoftEdgeUpdate.exe
1884	MicrosoftEdgeUpdateComRegisterShell64.exe
2192	MicrosoftEdgeUpdate.exe
3740	MicrosoftEdgeUpdateComRegisterShell64.exe
2192	MicrosoftEdgeUpdate.exe
596	MicrosoftEdgeUpdateComRegisterShell64.exe
2192	MicrosoftEdgeUpdate.exe
3236	MicrosoftEdgeUpdate.exe
3796	MicrosoftEdgeUpdate.exe
2604	MicrosoftEdgeUpdate.exe
2604	MicrosoftEdgeUpdate.exe
3796	MicrosoftEdgeUpdate.exe
1380	MicrosoftEdgeUpdate.exe
6020	MicrosoftEdgeUpdate.exe
1788	myproject.exe
6124	msedgewebview2.exe
1320	msedgewebview2.exe
6124	msedgewebview2.exe
6124	msedgewebview2.exe
6124	msedgewebview2.exe
3884	msedgewebview2.exe
5296	msedgewebview2.exe
3884	msedgewebview2.exe
5076	msedgewebview2.exe
5296	msedgewebview2.exe
5076	msedgewebview2.exe
3884	msedgewebview2.exe
3884	msedgewebview2.exe
3884	msedgewebview2.exe
3884	msedgewebview2.exe
3648	msedgewebview2.exe
3648	msedgewebview2.exe
3648	msedgewebview2.exe
6124	msedgewebview2.exe
348	myproject.exe
1932	msedgewebview2.exe
6052	msedgewebview2.exe
6052	msedgewebview2.exe
6052	msedgewebview2.exe
3180	myproject.exe
5004	msedgewebview2.exe
5004	msedgewebview2.exe
180	msedgewebview2.exe
5004	msedgewebview2.exe
5004	msedgewebview2.exe
4300	msedgewebview2.exe
3004	msedgewebview2.exe
5828	msedgewebview2.exe
3004	msedgewebview2.exe
5828	msedgewebview2.exe
4300	msedgewebview2.exe
4300	msedgewebview2.exe
4300	msedgewebview2.exe
4300	msedgewebview2.exe
4300	msedgewebview2.exe
3992	msedgewebview2.exe
3992	msedgewebview2.exe
3992	msedgewebview2.exe
5004	msedgewebview2.exe
4836	myproject.exe
4616	msedgewebview2.exe
4616	msedgewebview2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 6 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	myproject.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	myproject.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	myproject.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	myproject.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	myproject.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	myproject.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks system information in the registry 2 TTPs 16 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

discovery

Process Discovery

T1057

pid	Process
452	tasklist.exe
3748	tasklist.exe
4936	tasklist.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Locales\is.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\tr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\microsoft_shell_integration.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\libGLESv2.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\pt-BR.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Trust Protection Lists\Mu\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\sr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\te.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_da.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\az.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\bg.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\hi.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Locales\gu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Trust Protection Lists\Mu\TransparentAdvertisers	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\hr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Locales\am.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdate.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_gu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_ms.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\vk_swiftshader.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Locales\sv.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\km.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\128.0.2739.79.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\v8_context_snapshot.bin	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Locales\ur.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\nn.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\uk.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\ca.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\nb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_tr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_eu.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\as.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\mi.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\identity_proxy\win11\identity_helper.Sparse.Internal.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\identity_proxy\win10\identity_helper.Sparse.Canary.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\concrt140.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\gd.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Locales\bg.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\fa.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\he.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedge.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\ka.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_pl.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\identity_proxy\beta.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\identity_proxy\win11\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Trust Protection Lists\Mu\Cryptomining	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\PrivacySandboxAttestationsPreloaded\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\ms.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\SetupMetrics\5760_13371200744437717_5760.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_pt-PT.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\7315aa50-2174-40af-b92d-cf600ad48bba.tmp	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\VisualElements\SmallLogoBeta.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\onnxruntime.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\dxil.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\sq.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\tt.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Edge.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_nn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\identity_proxy\win11\identity_helper.Sparse.Internal.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Locales\pt-PT.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Installer\setup.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\Locales\fr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\vk_swiftshader_icd.json	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3236	MicrosoftEdgeUpdate.exe
1380	MicrosoftEdgeUpdate.exe
6020	MicrosoftEdgeUpdate.exe

Detects videocard installed 1 TTPs 3 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
4112	wmic.exe
5328	wmic.exe
3800	wmic.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

GoLang User-Agent 6 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	134	Go-http-client/1.1
HTTP User-Agent header	144	Go-http-client/1.1
HTTP User-Agent header	160	Go-http-client/1.1
HTTP User-Agent header	161	Go-http-client/1.1
HTTP User-Agent header	126	Go-http-client/1.1
HTTP User-Agent header	128	Go-http-client/1.1

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133712006125558895"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31FB561A-CD57-4AF0-AE52-5652A86256B1}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass.1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\CurVer\ = "MicrosoftEdgeUpdate.CoreClass.1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0B4C1840-3931-4AA5-A64F-95339D05E614}\InprocHandler32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0B4C1840-3931-4AA5-A64F-95339D05E614}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.19\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
232	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
1788	myproject.exe
1008	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe
3852	powershell.exe
3852	powershell.exe
3852	powershell.exe
5736	powershell.exe
5736	powershell.exe
5736	powershell.exe
348	myproject.exe
3180	myproject.exe
924	powershell.exe
924	powershell.exe
924	powershell.exe
2908	powershell.exe
2908	powershell.exe
2908	powershell.exe
4836	myproject.exe
3300	powershell.exe
3300	powershell.exe
3300	powershell.exe
5516	powershell.exe
5516	powershell.exe
5516	powershell.exe
5028	myproject.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
6124	msedgewebview2.exe
6124	msedgewebview2.exe
5004	msedgewebview2.exe
4616	msedgewebview2.exe
4616	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeCreatePagefilePrivilege	2868	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
4836	myproject.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2384	2868	chrome.exe	91
PID 2868 wrote to memory of 2384	2868	chrome.exe	91
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3448	2868	chrome.exe	93
PID 2868 wrote to memory of 3040	2868	chrome.exe	94
PID 2868 wrote to memory of 3040	2868	chrome.exe	94
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95
PID 2868 wrote to memory of 4664	2868	chrome.exe	95

System policy modification 1 TTPs 3 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\s.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffbee97cc40,0x7ffbee97cc4c,0x7ffbee97cc58
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5116,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3200,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5260,i,16747473644019350405,6260042051113136637,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:8
  2⤵
  PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3840,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=1048 /prefetch:8
1⤵
PID:2960

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3096

C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe
"C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
PID:1788
- C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
  C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4716
- - C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1008
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2376
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2192
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1884
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3740
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:596
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUJCODg1QkUtOEIyNy00OUM0LUEwQzgtNjQwRTY3QzNERDY3fSIgdXNlcmlkPSJ7QjgxRjJFRTUtMkFGMC00RDBELTkyMDgtMjVFRTU1MEM3MjkwfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0JFQzA5M0NFLUI0QjctNDg0NS1CMzM5LUVBQUE2OUJEQkQ2Nn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjE1IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTg2MzMyMTI0NiIgaW5zdGFsbF90aW1lX21zPSI4MjgiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3236
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{1BB885BE-8B27-49C4-A0C8-640E67C3DD67}"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3796
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=myproject.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1788.6112.13407565026130936169
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - System policy modification
  PID:6124
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.138 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=128.0.2739.79 --initial-client-data=0x178,0x17c,0x180,0x154,0x1ac,0x7ffbfa069fd8,0x7ffbfa069fe4,0x7ffbfa069ff0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1320
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1856,i,18018259952196796066,14433074282392462943,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1848 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3884
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1920,i,18018259952196796066,14433074282392462943,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5296
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2240,i,18018259952196796066,14433074282392462943,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5076
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3784,i,18018259952196796066,14433074282392462943,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3648
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4752,i,18018259952196796066,14433074282392462943,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6052
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\";" powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe\""
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5736
- C:\Windows\System32\Wbem\wmic.exe
  wmic path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:4112
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:452
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get uuid
  2⤵
  PID:5256

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2604
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUJCODg1QkUtOEIyNy00OUM0LUEwQzgtNjQwRTY3QzNERDY3fSIgdXNlcmlkPSJ7QjgxRjJFRTUtMkFGMC00RDBELTkyMDgtMjVFRTU1MEM3MjkwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NkU0OUUwQUMtMEEyMC00NEQ0LThCOTMtMzhGRDgxMTY5MTU4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90Oy9yMjUycCs2Ylo0b2lURnM1WTF3dCt4c3BlWlgzWUNDNi9MNlo2UEl1ZWM9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0NyIgaW5zdGFsbGRhdGV0aW1lPSIxNzIyNjAyODI1IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNjcwNzUyOTA4MjEwNTkxIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDMyNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTg3MDM1MjEwNiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1380
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9CE9C97-E97A-4401-85F7-1CE5901D6BCE}\MicrosoftEdge_X64_128.0.2739.79.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9CE9C97-E97A-4401-85F7-1CE5901D6BCE}\MicrosoftEdge_X64_128.0.2739.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:5716
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9CE9C97-E97A-4401-85F7-1CE5901D6BCE}\EDGEMITMP_ACD56.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9CE9C97-E97A-4401-85F7-1CE5901D6BCE}\EDGEMITMP_ACD56.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9CE9C97-E97A-4401-85F7-1CE5901D6BCE}\MicrosoftEdge_X64_128.0.2739.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5760
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9CE9C97-E97A-4401-85F7-1CE5901D6BCE}\EDGEMITMP_ACD56.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9CE9C97-E97A-4401-85F7-1CE5901D6BCE}\EDGEMITMP_ACD56.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.138 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9CE9C97-E97A-4401-85F7-1CE5901D6BCE}\EDGEMITMP_ACD56.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff774d816d8,0x7ff774d816e4,0x7ff774d816f0
      4⤵
      Executes dropped EXE
      PID:5780
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUJCODg1QkUtOEIyNy00OUM0LUEwQzgtNjQwRTY3QzNERDY3fSIgdXNlcmlkPSJ7QjgxRjJFRTUtMkFGMC00RDBELTkyMDgtMjVFRTU1MEM3MjkwfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezI2QkIxRTgxLUJDNzktNDUxMS1CQUQyLUVDM0E5MzFEN0EyN30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjguMC4yNzM5Ljc5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1ODg0MjU4NTk3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTg4NDI1ODU5NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1NTU3NDk1MDUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzNjMGRlMmJmLTY1YmYtNDlkNS1hY2IxLTM3OWJhODIxNWM2MD9QMT0xNzI3MzMxODY1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUxXeVlWdDVOb216OGc1UEhoRjdTbEFCWDV5d0VUd1pQRzBzTG00cmR4VlpFRlpCQktDVU8wR3Q2TW5TVmlqd3hnJTJiSnJLTjdrTmY0NDhoZ2hxODRobHclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM5MDk1ODQiIHRvdGFsPSIxNzM5MDk1ODQiIGRvd25sb2FkX3RpbWVfbXM9IjYwMDcyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjU1NTkwNTk0NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY1Njk4MTMxMjMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwMTMzMDM5NTYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI4NzUiIGRvd25sb2FkX3RpbWVfbXM9IjY3MTMzIiBkb3dubG9hZGVkPSIxNzM5MDk1ODQiIHRvdGFsPSIxNzM5MDk1ODQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ0MzUwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6020

C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe
"C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:348
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=myproject.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=348.4744.13102227755758692861
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1932
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.138 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=128.0.2739.79 --initial-client-data=0x170,0x174,0x178,0x14c,0x78,0x7ffbfa069fd8,0x7ffbfa069fe4,0x7ffbfa069ff0
    3⤵
    - Executes dropped EXE
    PID:6040

C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe
"C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
PID:3180
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=myproject.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3180.3480.17201187134405264285
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - System policy modification
  PID:5004
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.138 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=128.0.2739.79 --initial-client-data=0x160,0x164,0x168,0x13c,0x194,0x7ffbfa069fd8,0x7ffbfa069fe4,0x7ffbfa069ff0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:180
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1820,i,3449522981542352731,15436562312104754535,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1816 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4300
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1852,i,3449522981542352731,15436562312104754535,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1896 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3004
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2232,i,3449522981542352731,15436562312104754535,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5828
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3584,i,3449522981542352731,15436562312104754535,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3992
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\";" powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe\""
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:924
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2908
- C:\Windows\System32\Wbem\wmic.exe
  wmic path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:5328
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:3748
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get uuid
  2⤵
  PID:1884

C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe
"C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4836
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=myproject.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4836.1816.11309496939871900403
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - System policy modification
  PID:4616
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.138 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=128.0.2739.79 --initial-client-data=0x160,0x164,0x168,0x13c,0x194,0x7ffbfa069fd8,0x7ffbfa069fe4,0x7ffbfa069ff0
    3⤵
    - Executes dropped EXE
    PID:4232
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1800,i,10879939038929994934,9875590431750092446,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:6136
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1812,i,10879939038929994934,9875590431750092446,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1868 /prefetch:3
    3⤵
    - Executes dropped EXE
    PID:2760
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2372,i,10879939038929994934,9875590431750092446,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5176
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3752,i,10879939038929994934,9875590431750092446,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4324
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --webview-exe-name=myproject.exe --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4172,i,10879939038929994934,9875590431750092446,262144 --enable-features=MojoIpcz --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:2084
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\";" powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe\""
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5516
- C:\Windows\System32\Wbem\wmic.exe
  wmic path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:3800
- C:\Windows\system32\tasklist.exe
  tasklist
  2⤵
  - Enumerates processes with tasklist
  PID:4936
- C:\Windows\System32\Wbem\wmic.exe
  wmic csproduct get uuid
  2⤵
  PID:352

C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe
"C:\Users\Admin\Downloads\solara\sеtuрС++\myproject.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5028
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=myproject.exe --user-data-dir="C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-features=msSmartScreenProtection --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5028.5548.10215441339009922869
  2⤵
  - Executes dropped EXE
  PID:4260
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.138 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=128.0.2739.79 --initial-client-data=0x174,0x178,0x17c,0x150,0x74,0x7ffbfa069fd8,0x7ffbfa069fe4,0x7ffbfa069ff0
    3⤵
    - Executes dropped EXE
    PID:5584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.79\Installer\setup.exe

Filesize
6.6MB

MD5
337bec799cf5a4312866be547387e091

SHA1
763f4f372b7920365e8e850680b24594d4e3c45d

SHA256
d4d15e2686afd133e9870c4a8e98ab041e9db746dbab5a14373098a8e5b28281

SHA512
cdee342bf56c499e5516d9799c35fc3fd1c833de6863225b961d6d5058625f36ee93fb770f7ea1d604a829e8145caea4ddd178be34d8adf9d9853be41888e365

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
182KB

MD5
3a6b04122205ec351f8fbef3e20f65c4

SHA1
ba2e989a1f1963652405b632f5020e972da76a8c

SHA256
7ba65317643fbc0d03195bdeeba318732823a91ef27f62483d5fc0ed3fea4912

SHA512
2a0dbc91e79c42bf934ce7ab41ff6ed900322706bb71ffa1f3ade4ad85e0e1de2fa31540e1f1e0e979ad749c84343563ebe341585965f2f3a62debd6b4ab0cb0

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
b0d94ffd264b31a419e84a9b027d926b

SHA1
4c36217abe4aebe9844256bf6b0354bb2c1ba739

SHA256
f471d9ff608fe58da68a49af83a7fd9a3d6bf5a5757d340f7b8224b6cd8bddf6

SHA512
d68737f1d87b9aa410d13b494c1817d5391e8f098d1cdf7b672f57713b289268a2d1e532f2fc7fec44339444205affb996e32b23c3162e2a539984be05bb20c4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
215KB

MD5
1d35f02c24d817cd9ae2b9bd75a4c135

SHA1
8e9a8fe8ca927f2b40f751f2f2b1e206f1d0905f

SHA256
0abf4f0fe0033a56ebdaff875b63cc083fd9c8628d2fb2ab5826d3c0c687b262

SHA512
17d8582c96b22372a6e1a925ccc75531f9bab75ebe651a513774a02021801d38e8f49b4e9679a9dfc53ccc29193fed18ab2e2935b9b7423605e63501028240e9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
262KB

MD5
e468fe744cbaebc00b08578f6c71fbc0

SHA1
2ae65aadb9ab82d190bdcb080e00ff9414e3c933

SHA256
7c75c35f4222e83088de98ba25595eb76013450fc959d7feefcab592d1c9839f

SHA512
184a6f2378463c3ccc0f491f4a12d6cac38b10a916c8525a27acd91f681eb8fb0be956fc4bdb99e5a6c7b76f871069f939c996e93a68ff0a6c305195a6049276

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdate.dll

Filesize
2.1MB

MD5
b0da0a3975239134c6454035e5c3ed79

SHA1
fbea5c89ef828564f3d3640d38b8a9662c5260e6

SHA256
c590d1af571d75d85cfe6cb3d1aa0808c702bcefd1b74b93ea423676859fb8ba

SHA512
5fbfa431a855d634bcbef4c54e5cc62b6435629305efee11559f66473c427ad0775c09364d37aaa7a4a8a963800886f6547a52ae680a1ff2c4dcc52c87d994bb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_af.dll

Filesize
29KB

MD5
c54dfe1257b6b4e1c6b65dabf464c9fa

SHA1
aef273340160af0470321e36e9c89e1a858e9d39

SHA256
0c426d4d48efff328a0da5497af24e83892a2ed1d6397a6dc42f9548a24dbff5

SHA512
58ae24dfc6045ce1f8ed782a03cb3d02c10b99a2992b9326711fb8700c8e7d05cfbca21e9b47cb4b1f4f806a9bb7667672026c715aad2f175febb6ba2b5f95db

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
ccdf8ae84e25f2df4df2c9dd61b94461

SHA1
64cd90b95a17d9ecf2a44afc0d83730b263ba5fe

SHA256
816c64b37e4c42cd418d05bc34a64e9c4acb4ce08b2a18ac5484374ca7b76e76

SHA512
242a8a93326d3a5ea1fd367ef6cc2b343f08f4ff68d88d91044d0ad7fce490f47524a6e57940991ff0893a590459e96c588944f2b115cee703413ca594046f7f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
3374d9bc4467dbdeaf50bbd5a26edcfa

SHA1
6d7bd73ad27148bad7488959d7ebea22b6805436

SHA256
5c8a8755cc0b1213fb0d5b57e10a53702f2091479d3c058d0c756134e548c685

SHA512
c0c02e54d7e0060b6ffa5bedf8d79cf4b40f77711680d2161b5186c5a8a10e521169dfa7ab6b8e4816c98e4aefd136f209a40c78104cb618c21105e095537719

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_as.dll

Filesize
29KB

MD5
87e596d8f0ac9fbe2d3176665eeb68f3

SHA1
1c9364d55b4844cd250504abe30dcff9792ee576

SHA256
c39669e004facfb0c500788747a4427fe26dcdb50ae695562e6e417f4eb190cd

SHA512
ef3708632e19332ddf460e081f8444ff8b4ec483c6b3e57f386df66d5f62d222b1d3f9f3728928701a6e48720133133c43619858853585a7d70b7bd5d8cf847e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
ace0925ded0a4507d82e6d32a77c50df

SHA1
c760ff52c71de3080631120c6992dcd0ac4e37bd

SHA256
8e3c517bfc5986310c35f30b9681d9c919a7d62e299014410132ddc2b41f00b3

SHA512
8adec80e179f205d0571625c1a63a0188e6533adefd48691f2fc287a546c12249c2126e6958d1732fa8847492a8287723a0196fbc0f2b9af3c54e1ab418cc3e6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
aeb3a05ce4eecdef3d23dbc0094fe21f

SHA1
e2a5c49b4d0fddcad28649bd09d0cc7af4c0b2c8

SHA256
6c874a312ae57b8b0deac8457a200fcfc90aceaaa252628701c92aa8b9a823e8

SHA512
4a7fe6cf8300b394d7471d9a2d759ebed59690ce925270d6ceaa4e14ee06f01b67f8219559e9ec917477f4c5aae03329ae2c6e231f3fd41c645d02d26b29f367

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
afa21b2feee2831c5478e113ed814b76

SHA1
9e883c990a31b8cd0ed2f80f732f404386cc55d9

SHA256
183bcae9e143b78d04c2ed83ab6cac8cbd82f1d2bcf7bbb2506886a3925ac556

SHA512
294838c67f6d87fc3b4975c73d24e1c38173c8ad4a14c215945e9910ddc306e9deb0168f38661c85b5c77929fcbf56093f632a35c1b39181203fbd662d71f7f8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
8e0ff856270ca13f8c07825e39ae3613

SHA1
b351f8ae0cc13d97d201a268990b75fc9e6cd422

SHA256
18cd8ed69df17e1bcb517285caa88c8a73e093984fecbea2587e7144a8812a73

SHA512
25f3821c20aa222a28143951c9f370d3feceaf41e449f718640dce9af0e88e518bc40d2d02f5e64148d8909feedcfa6a8caf65a87ad12637a8bc13c848b1f178

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_bs.dll

Filesize
29KB

MD5
9f4c9469ef1930ec3ca02ea3b305e963

SHA1
e588ffdf150b55bb4ba38e2aaf175aaf6e1826d0

SHA256
fef14de38a4501cf538c89ca2d1ec389031124f69df9090df94fb4461e54ad58

SHA512
c166189ad76cb395a2aeea724f2088f42dd4d361518856166fb92b3335b8fc670e99eb7b1c4c9ac2c872c8283826cc2c88009bd975e690efbcc3d99289557e96

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
30KB

MD5
2e9132ee071ca5653baf90b9b1ea382e

SHA1
8a0c1e5a0df6432c50539d68caf697b8adaf1556

SHA256
adf6e6542f1422c431ef92a209886224fbb53b5c67e68ac070d5c8a4c6ee569a

SHA512
0b021758117109e4414c7ef37356106a96b68536ade8d3f1d1fb3dfce7c1132ab6fe02f7292ed225c09814a9c57124f731fd35069d220760678eab565f320976

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
917c18cfa84c8b8e83d8321f03be093b

SHA1
c0a4a743f4059183724fc8c26e84b5a80bb2f7f0

SHA256
6c56355b232c3bd35f397f99648c020733ea2d57db1cd4beafffcd962b896ae4

SHA512
03359c6104e9f0cb2d66b6f1bf5598b2bb00d9e7a62fbd0c5475ca67b5194e96c2e6053a2a1c22323ba0002c614caab0477597fd34b57dd1f5acdb19f70c0854

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
8b49a989a56d4a5aabd0a03f179ed92e

SHA1
ca2f84217c867eb853830e95c7717ce35bd997f9

SHA256
849e23c2f53d06462bd0f38e9d7c98e9389486f526a90c461c04c0aa1db7b7be

SHA512
f4861ab9200db234550cd2e355ce200b7746c614e9c326287c0509d152f29d41d7a056e4fd27e3150cb433cd0234c4ae1cbc0c3a8b5892ecb3e8d4632a985aa7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
1146f59b139b9d810996a1bae978f214

SHA1
cc9d54e6e3ce1efc4ef851eba35222547b996937

SHA256
7b5ce6c7fa03e69a93694fa59c61be88b3eb8cd8951790f3bdd7cba2d99e6b83

SHA512
0c94943646b0a08662eda2d236b7c88ecec0745faff5b9c6097f68e73a20059f8d2de47a9c00e58c6d2083331a34a0fa19b0964f3c62a6b8cfa02bc1e283e75a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_da.dll

Filesize
29KB

MD5
08fb61cf492ccd1236907af7a6b1bd4b

SHA1
9f6e0f7610d42f8a402d3adb7b66374f4d0f3cb5

SHA256
d6261d4bd9ce4011caee1e0efefb5685a5bb5e29130ad8639e4578fc90027631

SHA512
747982680ebc9e3c0993a69923c94382df6bfc113ebb76d31f65f9d824abef1a051a4e351f0f42296fd84e7663fc3bcc784da51dbce0554c3a880ac2258aa16c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_de.dll

Filesize
31KB

MD5
970e46bfaca8f697e490e8c98a6f4174

SHA1
2bc396e8f49324dee9eb8cc49cdb61f5313130d9

SHA256
eeff2c2487c6456e6a3ed43fe5fbb9d3b72e301d3e23867b5d64f5941eb36dcb

SHA512
789f29ee2c34d86da5c69225bb8b2fd96273c20146126c28d3d36a880bbda5b16ace479ce59aafdf645328255105133f489278023e63e04e9fa1fb34cc1f3ae1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_el.dll

Filesize
31KB

MD5
3d22a75afd81e507e133fe2d97388f2e

SHA1
f7f68cb6867d8c6386438d5a6e26539be493505b

SHA256
823fe6edc1fb0ebdfb8ebbaa2d36f6dc0424c8f26b6594a390ae0eaafd319ab0

SHA512
34a62ebe8d057a6f6e6f6b2672ebb95d4d7c49e739f4beee4bbfb5e917b7176aba4d70b0e84bd727c967d0885c08264dfb42371fe0d3fe4f8f12dbb1e26ca69a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
fe685e8edec8a3b3c16e7954b787e118

SHA1
ac71544158bf86d357d78d003f5ff2b4b5fd4ef3

SHA256
4b60ce6e3c8f725ad8e88cd0d0a3f0155a7145915670a532fe1143fb2dfbf49e

SHA512
e30d12a607d1c6fd2060ab38f443af680f8c8655900b0a21f3f0b488033f9300915667bdfa59ff4fd3488f58ac52c7f5598ff5078bf849bd177d1d8c10533f04

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
be845ba29484bdc95909f5253192c774

SHA1
70e17729024ab1e13328ac9821d495de1ac7d752

SHA256
28414cd85efe921a07537f8c84c0a98a2a85fdbd5dfa3141e722ed7b433d0a96

SHA512
2800ec29ece429151c4cd463c5042492ac24e82b4999a323607d142a6e1a08cb69258190a6722afbbcfb3c9cdc6eebdedf89ee6549e0f420f6fbae3aa0501fd4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
dc8fcfbcd75867bae9dc28246afc9597

SHA1
8fd9361636303543044b2918811dbdab8c55866c

SHA256
3deb382ffdfbd2d96ff344ec4339f13703074f533241f98f0ccd8d3f8c98f4bd

SHA512
ac8fbf033677a6862f3d02cf93bf1838c24f006b40fd44336ae13ecc2287ae4c733cc3d601e39556586131e8a9e2d930814399ac68165a26458a6cbf51b11d32

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_es.dll

Filesize
29KB

MD5
9c0ef804e605832ba0728540b73558a7

SHA1
a305f6b43a3226120d3010ca8c77441f6a769131

SHA256
626835e07c1fc4ab670127682f3e5225881a2d4ddea873c5271e9032668fa641

SHA512
c27a4b24600bdd33a4f9430e8d4d8f7f3718efcaf2d1ec36023e34b996817af79b5a9baeea1506f97d2716c9b2b5509bbc1bf4d7cab779554eebadaa8c942dfe

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
111118683f6e8ed7ceb11166378aebb0

SHA1
fd3e1cf198885ab5d9082d540d58f983d8a0f5ff

SHA256
5cc4930c50716138e25987baacb9a9aed7d30ff5c0ac927e35f7fc006f5179c4

SHA512
cc3480f05d8d59d3d705204e15ff6453a6d9c77bdb1011d069bb1f83b3d4e14204f19caa7e7ecbb6e3ed92d429ac46940791903440fbfeca2f7e7e12b9a47f6c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_eu.dll

Filesize
29KB

MD5
c0da1ad8854f64b7988d70c9db199d5f

SHA1
b184335283bf0026615f2a4a120fda87961c774b

SHA256
73190820d59e5bfe769b82ada48b0c9ed353524bd5cab303f5175d7d9bbb74ee

SHA512
424ef2d0ceaba76b64c3349ec1ff5088cb8aff9103fb38da238c80e6452a967f3dca09860b2b8fe9c01e20bebadc539960a5bc241a91bab98bfedf29c2f777ea

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_fa.dll

Filesize
28KB

MD5
c4cb44ee190c5aa8dd7749659437e5cc

SHA1
667f4aa01a4262fff2e01838f94330c0ebc285a2

SHA256
dc184d54d00d51d2f8de623c0c4b07e9408f7b02e1f1085107edaf14dcbee136

SHA512
0330d733e89811c4a89deb202ec517de3128ad266483f37bd8d91eb6e45336febf7297da4f3465c683ed1b6e08114d6a3f52ff74484276509b9816ae7dccbb10

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
a9b037f7bc8f5b382bf6c69b993dbeb1

SHA1
7beb733f3561ac3083a3dfca3b7644c5154e1330

SHA256
b498d1b38a81199b62a98a0e36aa9e955e1c0143436908538314089c0e59d128

SHA512
a63c1e1a4d8d2e5043e0cdc420d1c545b0adbcdaa1a65f09454d47cc9642c1ffcb16e76454e90c75fd88f29917024b11418a606acbd560a98b79cd8631186332

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
6b2319c3634103272f39fc71d7f95426

SHA1
a1d692a68c5cbb70d29a197ec32c9529c15a0473

SHA256
28c610ba7f8332be050c30e296acaee423bc0a7a9cacc7b3d60618e284ff9cfa

SHA512
51738dd14b410c689ed56530ac555824c773bcb163f4dbaddc86e684e04c1f06271001f0b2bef7d6231f17231b2e3e35f9aba2974c48eff6d1a8ab877e5a6031

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
8e1793233c6e05eeaf4fe3b0f0a4f67c

SHA1
97697fe9ba6b3cb5cfe87bb94587c724ed879c3b

SHA256
b9caaa668b71964316ee15e6e49f8ae81e5ed167fdb69fc31bc6df834ab4e7a5

SHA512
3d2fbf5e05e7b9e21c85ad7f59db9556046e4c1755f0b138d6de38eeadd3480e772e35798f9339aa7daffbf92afbc385f9c0bb4e4f5c65292dff3b280f52bd6f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
5e63ac4b5abe6c84f305898a0f9ba0bb

SHA1
e70baf6f175c297a9b491272ce8f131ba781553c

SHA256
711b5968d2116d7e97aa5852ec864db35d3c186f341fb024cd1ef4525256131a

SHA512
c383e4df4337bf9a66f684dabd2faa95cb49abb424c76d0603f91af7b7260be5b2877246da293d5df83fdb59d291d63a7d73303c34682a50ea84a8fcd7d6e874

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_ga.dll

Filesize
29KB

MD5
f7b123f6dd6c8d8832a8bb8b7831e42c

SHA1
7e9524b79036568b2b4446ee00c76460fb791c6d

SHA256
119b9e288832f2a4d47d63b693bb195a72f27e9c0aa014b2c3ccd5d185f7afc7

SHA512
6bd457d1e3f943a4ca5a1d36907fe526a4f2965a8411280a2988ef1d264203af0797365c1306e7ce103cabec2ead17d194f20848b4c665e986705c3ed6e291c9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
6de337fa9f131077042f7ce421a9fa42

SHA1
25e21b64cdf60a1da2f940b3c873eefd680a5fc9

SHA256
263e07308785bd7e510eda95499ab3d3d66942f0bfd0a5722258e2a87b5d0a90

SHA512
e747fc105c4ede0d4f73492e3757975a9410499caf867bc149cd43bdbf1be03d3df82fe04c7cf99e3ad6ee06fb5011fc5b069bd502c2f3b3e578f587d0362e3d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_gl.dll

Filesize
29KB

MD5
be03945025cc2f68f8edd4e1ca3c32b7

SHA1
d4b1c83f6b72796377bfd3b42c55733eed8fc5e4

SHA256
aa95c108db3582a4be98fe83519aab3fed09c8cc9b326469edb89871d6562373

SHA512
a03656acfc123f06a071f0e326ce15bf17e2efe080fa276acd50cb40e35000d74a3d0762da327c59a7564bb3f03532bf04c733ae850852f62ce71fd513e9080a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_gu.dll

Filesize
29KB

MD5
951dfd4709b3fdbe79a6e43828387592

SHA1
0c7bbf1852135456692970639869618fb616ba5e

SHA256
21c72dc48cd33291520e3f432d8d59ec103496ab6508f41fa1b081b3bdf98bb8

SHA512
b338c345db00135ceb3577a67bcbc36b37be742e39aa6a333bac93ba20ab1463df55a381be95c9e9effaed4daa0ce93203ff2994459f9a23813dc0afdff03e8d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_hi.dll

Filesize
29KB

MD5
6b97796e1746317567ed7cffe9441d3b

SHA1
dd269b22021eb37fe854ff181a09bf7f9568f7ac

SHA256
a4ce75f6b1de6a2500bfd6b0ebc1c268cb3d7080dc9e7661bedd9361f7215d42

SHA512
f1856ac881de7acb7f61f2d7c1d064458855c3621fcfa951f1d1207f3d85fd6f64b26547ea1391c4145bdeee23e6611acb2fe80b8c1258dd108085e371d34d73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
8bbd58f9644187747407b0a18c60aa0a

SHA1
82888f3f2ce1dd7b9b3f5ac26bed0a6da5601dff

SHA256
35008c4ea7f22ac78d28e72311d4b3fa28d6af24072fa94558a9b3771a4b545e

SHA512
1fa7d62692062c1d22e3fe0e5c15bfbb2def115be2991001a998fcc6bbb5983d9343b06172e8f38b245587b15762b655ef58ec508160b576779963e5889efca8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
e56f98d6b32f82f391d5b087a135a7ec

SHA1
c8de62b4b22a8153cb788e03f7e04c55a5ae5396

SHA256
236252a34d2efdb4e801bd827a791935aadfe6c0a471f1b252d9bf2d291a6bae

SHA512
45b9933478505759e7217a65e3a054885841c5ae9bc58983c6cb216ea2a15c53f45ecfb6b40fee07d54c289819ddc2161a651e5183e244e0f43946176f224c8a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_id.dll

Filesize
28KB

MD5
5b5366c7779dc9ce9f3a15b6f22289ac

SHA1
d9995fee337b9696be970a2a48a845ed71bd7d2b

SHA256
da6d5c982387286396f54c043bacf106f78fc76db4a33984c8b2cb88882fc9b3

SHA512
35362a3719833449bd9e757194f9b0b28c3d68a0c62f52d224b1cd5eca5a2343e1db868668e2b30d927a1966b5db5cd0b2230d7f4576627e486eb3a86913b195

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
b675cc1f6f5f174c265c0887d9591915

SHA1
abb182cfbe1d5723ecc380c5fa08b24c1f421af1

SHA256
c012110ad65f8244494ef2aa70696128a949fbc5797e5139afa7d4195457df1f

SHA512
be1b23a563a2b4f6b658df3f8075d48bf3921c5951a6fbe77c24a0949997e068403f5bcaa3f93030b01d7a69b1aa74ce06f37038c30145e03a9822f4854f7c0d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
b8b03be1e73e1ccc0df159c48e875038

SHA1
37d1b2216f1e90a69b1be65b2c4f0f5f35e78aef

SHA256
4ee8f48af5136fb80f5d031395f92abb2b3571fdf7c4c98ae833c2ee74c49160

SHA512
ef47c8c0f8aed7a4d912986e2a3fbc34b54fdea25b006bcb63d502a6cefc42bca717a93e16ff1c137892a91b894ea15d95a53dd3b52b850bf1a75ec9bd7b3013

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
dede65e2268976ded6f598ecea661025

SHA1
45c6fd614dac74eecf83709081b4f289c05271dd

SHA256
9379736bb1b621367e42736d311288d33742a9e0ca3e056b4638491fc434a880

SHA512
92a46ca5e3c40bf55fede64aecd7fd05f6419c645d38325546c46632775fe72cff4152e473ffbc15d478da62c76a088ebfb4db91b9a0691a9ce1c763ad3f9285

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
ffc1ff9f4cb8fcb529f8580d3b92a80c

SHA1
d0ef21a7407c5eebe1fc21b6549c92c6222bf0cd

SHA256
d508f613bbec62a237a5616959dbc292fe4a79adc8783fb91725f3f2c32658d2

SHA512
6345362f03f3bc4409c1e5875b2e7cb58b5df9737c9c5502a19314046281e682a3ea7ac5adbbb933a130f52efad4da4eb9ad99ebfdd41bdba23d1fbea4180475

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
e802f3589731c88d166a8b0e3bae1dc7

SHA1
b94e21b646c26053c19a0e6238f0e4fbde0a2fa6

SHA256
173f78b786cd1a58a47ec9f7c662e403b191fa42cb7308aa7eb6b0f744bfae0b

SHA512
ecf9eb33afb00c6839d6778e36685b904267e6f384a7d307230000a506e6ac6e95132c2f50a4cbe523d834dd6c7ecd1277d47b73188130e097a0b64c0ec64a51

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
1c6f35c21ff0afb2f4aa9d4352fc86f2

SHA1
d4bf67c14304add3e7d8218ff66a520a7b1e0a6e

SHA256
779900e90b23d0443e0b93b4ac7c8fa24dd6a0ebddb36cd22bcd7a1a6fce2ecc

SHA512
caf80f4adab14a81bb14e36683772539a6789448ddfcaba2a09e5c6c3e2dae105ce436ca7dd7b412c6c73dcc0768141822b13064d452a48a37721e1e9dd357f2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
9dc0ee4f6b7e239018d6962b5097669c

SHA1
3b091cd8dc4f46ec7603c56d2ebf73385576031e

SHA256
4d31ba95fb2adf05ea6fb9b1896f09c872c228187bd3d2f979b162097ea18979

SHA512
aca659bcb9dfe59bd23dabcf2051b8529b0a1b9f2c1a0748ff29ffb02307222dc3a5d8b7aa42f6469200992e6cca14886908eb624f9f1959095133b09f3752d6

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU3D9C.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
b6d73bbacd24928bfe692e2c48522e03

SHA1
8ae460214f623db552fe09944dde5f83e1f3e3ff

SHA256
9be3c751e0f89866599d8d4a6d2bc10db749fabcd6de88922e4b7c4bb1f03ddf

SHA512
762974a13e623435adda030e9f496220ba65e8ebcfbc3aefd896491a4816bd8496cba79dc56f321e4eb98a9fcf71b36160c27f701c5e690c071270065d1f3f14

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
204KB

MD5
28f3c67f8a3b1367c2078cf40f45760b

SHA1
b0d1df9e5a817a87f805f8b8b6cc017eea51b880

SHA256
05d9ba24ffb44ae77f27bdf95157ddaeb4b074e317651d962dfcdaaa60a08b0f

SHA512
9248eda50a6dd77cbb8e70b263e8bba60a7b64d84d46af2d238b6826468d8fb4c0fe4c5b03ebc6efa39a6fef02eacdfe111a495ded0aeca1f9c69002ca4046b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\08f194da-f6f4-40f7-a3e6-b9be3e5863cb.tmp

Filesize
208KB

MD5
ee675b6e44fd8ad07a4a76ee6b56b0af

SHA1
f63ac749dc9b0d6103f1d2a04d570052d99df5b4

SHA256
8a3a349aab9246b5caadbf06ceea326ff952c808c0767c24eb36352259949d6b

SHA512
9290dc47001a72dd2784e46b2295764c48d873b6afeec6172403909d0b86c39fd072374630dc172c780940bc22d1e27cc97f0f0272a8e729058cc752024be51f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2c1fd282-2e6e-4a30-b7ee-076b99af426e.tmp

Filesize
9KB

MD5
664838ded59303b0b77a4f9d07b8e926

SHA1
f4a4d01e5dc0379cc02cfe30b08dd20513d94d71

SHA256
5505db6feca2b33efaea3ad9e8964bd0457d6b1772fd1157c74cab9cf758535d

SHA512
bac0303fce98426ce782da43c17ec807eb495854d76a2e55181b6811f5e7dfe956062d69e675c4bf20d7b09b8cf06c97f9db7d1a72951d59f6844c5c595f3b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9165408e8a8fe5b10d9bba771023ce76

SHA1
38b91d3026057dd58f34dded12b871d23334b81f

SHA256
9f4345097f12c5ee512aee8c7908b95add55aed193dbff124e9697571e6ab2d5

SHA512
d18f3e6f33d53c4b035d9f347305bff7f763264adf76fc06acff048f4541a3f992a285408bfbc1dec45af6c6ca99a1b28158788c80a1fac83a78923d7b04a14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d327b43b3c90923b98b5119f25161a42

SHA1
c75a338483f5bc12777689a23cbb568b35b04506

SHA256
2382b954acc4d789b8a1c7b12552a324fc830a27e06debe5b8f407f70e6ca0d5

SHA512
458642e8500ea5533e3ab5a63babd6ddac19e04d646c346cca9461f8c8ef623c33f27813ded37a9abc7c940fddf515d6f99e9eb37ca6944933b053b826aaef83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
ab25b0c3e0d624ff35eef08260ba7f91

SHA1
bf5f8d49521c6a700509f949bb8078d248197eda

SHA256
55ee4c40987d63d3342793871f40b9d9eab55fa28efc89f2d00560ca02613169

SHA512
7332aefe5cf26cdc9124e92b79830376acb99bffa883f1a8296069093a618374df26a805756dffaed1890d1ac1c2a8fe0931daf10e8201040a1497a890dc8342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
32965d150dcca8436dc0540f446387f9

SHA1
ff24bf13ffda951e81f20dd5956b44897b5c1cbe

SHA256
40d54d8b44626af44e0b195c2fd8d7722cd35c480c861d18802027e9e7581a1f

SHA512
a811365f220fb75dd0e78744f2aae30e7c1d49df4fc122d81dc99db5d7a20d9528b5d8763460113a46bed6f7d72bee9514e71d4cdb6b296a3e33b8147cbe97e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
87e4082c90430750d42d3c29987870b2

SHA1
07067126abbd22fdfa07ed99d036d46c34c020b0

SHA256
2bb3f89d5c3f7cd1506c1067d0c5c82c01b5cb0b332596e73c9eee0c4b22f0d8

SHA512
8ff1342473253102f8bb9c89378f4455d2151059c988056a5eac0f4929eabef9db47f00c4c6aaffa0bd042e51d8da5b7d08909f7f6f59efc1aaf88f8f9dae95f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
ec7d07f263a1609bc8edb1e517977896

SHA1
7e0e078a0ddb8fef567f23bb0077eab419eb7596

SHA256
405c7514b19f6c1ea6b3978bb0abb8d840f9def741593954db6c80914a402281

SHA512
b943ea4cbc4e10254169ca6614f7936dd76cc2af154b73ef553a8148fe82bac01878342cf75d486d60b8a2f69d58e64bb895bfef49ef2084ac51fbc83e932030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73b7f31f5324f493375f89abc448c313

SHA1
f8bda88abb55a29ebfad8beb724bbc7d60a222c8

SHA256
fdd6f433a8ab73e6f7c5b3ae4fc68a8954f8231febd95a3722ffebe6e493c001

SHA512
e04e92fb23c399f6521acef96236c108c7d06f2d2d81da484aa689679c4e16582779c4c86ac538625a75ad8e50897a8204436ce1f58571a320c742dfad0d2067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc9925294f0c9243806ce40fb1743da8

SHA1
9216185d040773b062f0f91582e31be434f8218f

SHA256
764c675a72850fba37797815a82fbe8152d26d3dee47e490556102b32e8428f1

SHA512
cf2757831d27242ea0ad23c09af0c95c9c849a9d65e5d38e62345afa32963fce11734568379e60a0c60ddf65ec2063bdd2c7d488b3665efa510cc932a092f248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
579030e3fc33057474232fd149c9d677

SHA1
f031eda21791f98ea463ec0a7397f73030e5ff08

SHA256
972d201b5cbcece1d4c27a69d917e8a0f12abd1c6e1340114186b16b4f302d22

SHA512
cb1ba0a2035f260864d7dad75632a99f34ce074acfd969edf9b3af6a27509f2ecae649e3e2e72dbf96c26848cdeba887202e4f249d60c687f313095d9e4c3462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afedfb860a0bf983b555b8d0ab7d6a85

SHA1
dd80d54d046c01025ede5dcfb41b10a2926852ff

SHA256
5af4f67bb81a1391e2840d87862fee8cd7017fa45c6add4a2deef93834f581ee

SHA512
88cf7e0361493b9f96b3244aca6170c41b9ec679a91f5fd86ea1add933abed3f2478309170d6d8626465ff85187efea2f7f395e3ddfa03d173195f6d9050456c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b936bc85c47c85c7a42e6fc8cc7a8c9f

SHA1
560dddc10f5d114353a6a313bc33184f5dea28ff

SHA256
2d34cee14c893544eca94214135eb45daef0e66c15a10f7df044edc0fde7c66d

SHA512
fdbec6e2fea237e931d9f9ddab842f58a44232fb4eb6e57437371b2399cc73673f7da065415048de6fade0f34240c44983c8db300437e91d6ac13bfbd5050439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
3f3528cd2dcc81a49f8b08cd3e518e33

SHA1
40dd5fccc121dec74623aa8c68149513964e8393

SHA256
a53c82b489a42a81fbbe01c2bb1f6ef32f7dd8dd6bd470b314ef36e9633fcf0e

SHA512
a82c9cf166b9cf00ee2b9afd263154ee2f64f46c975f04513bab7b8047917b19ad42d45d7f0f0cb1149a4fad5df20740743df8299dc6dd58ca6052a7df8517e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
3eb640c6b0c58a15db6c2d9bb677ec20

SHA1
536b3ac61e1601969865f9d87148d5162834364d

SHA256
56a7d8f679d8dc38642cc91b3cdad30fb85671303e027fb6906cb9a18155678d

SHA512
d81e190f1bf991bb5a27cbd0bfbfebe0e667132c3f2d1256031386a09fb61709bc1810f5a9c2337ac98110abe55292bb6967cf554f1c6dfa3c8df2ce9404cb33

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.6MB

MD5
d2ebd82a5d3fac11d44d90d8df253bb9

SHA1
ba94b456e111ea9573fe150ad4090a66540c9938

SHA256
04b65aa7b23d0c7ebbd6e022a600fbc43c0ee896ed280e48ac59e17fb0a2311d

SHA512
49e9ef8066200cd6ec079943c1fbcda95cab2d3042f635ed57949e0c0701ecdf34ea8f16324994dc77bc3ec9fc67882ea88b4d543974e90bf4e8cf69b15e073c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3aywmk4i.lqd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
b7b965f1277ef788b3858feae7d0ba5f

SHA1
bfeff74ce26dcdf8fcfab14a42d0874409f6eae7

SHA256
0e337ca7c3d1c0924f504f8ce06a7bfedaca75dca0cb7c9198b2d50bbf6519cd

SHA512
8df8280e135825aa11c29cb27fc226afd5fdd9388fccd4b8b1edc5d391b3c3e1f524a16a953232f9d7cebf1358b843be9ac6b42176727627f2b3837e4b333358

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
d230a93c3559429b0b987b5987c3331e

SHA1
381af73f0094a7514d44b5dea2bb7751afcb182d

SHA256
9871b4a7da2e16658db08b94088d64785d8f603bf0f88d93f82a74075bad62fc

SHA512
58211771e795a244e341c3dbb114a6114479f3c9158d30190ec8ab0904b24cf9cb3192dfaa862156c739d2c712957d40f5edb552a00920515040bb48605a39a7

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
f7396b802f91c61c2c90816040524ac1

SHA1
4fa72c8aba8ef30411d851f69a9f4298c5aed428

SHA256
f7521cb575f807f21616528afe59f8e106c645b355c65c9fb809d60952f2cf1f

SHA512
9201511978bb7a585ef0a096056254e6144d11fa8d6e05585d9b811584c77bc7a1d2350f798b1914dfd3d8673fd1a76569e47250270f289b46be65de80514c56

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
bbdb887ef29585274e01798bf33d4d37

SHA1
e6da608d5fe40c2bc01800077ded5ea338bfa01b

SHA256
0f9f748e2572bc93248f73a51d89364a0c5a45ab085a5263fd22ad663a14757a

SHA512
138719b6729a0df1f307f1c5bf5c623c596b8c8b92e16be33be4222ff7527ba6a58f821ff1b1a6e6e401ff8145b06e650a6dd531e609e18bc9dbde9722440132

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4f434b929f09f4d0aba5a55a7377f42f

SHA1
86cfaf454d0124dee8c2b5c717a7ef1e26287a49

SHA256
b19d5e3d1b5027f8c5b4593f41a682c52067bee29fac6c67936920a5375d653d

SHA512
a3761ebf4d36d03b6e09050c7029ad4b4ea24e4f9d01dcad6c4a0d81516c02c65143aa1dbdd0789e336b4e6369d02d6f840da2bab955d792c7e549143fe47dc0

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f8800c0b6371c9f7ae7843abe2b3fc03

SHA1
30a13c5bb506a92a99235b6e85c1716f792347fe

SHA256
c555dfb2d5b2d51d2685a0889e41c63a897bfdab984bf306c86e7d9ec8cf4192

SHA512
e1a3c55974d88019a8602983fae532566c99a2f3a0b557c6ce9f7c8370be0239211eca8bf184dda584c184ce3bf23ad75c829e9963958d029521047c5a80e49a

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
662f6f742374a818634b6001d3210846

SHA1
e5a900e348e19a9b1a1a56ab146ba646e3628c24

SHA256
fe7cf7e38953f0359062d4d4469576d3bd05deb31fb2b3f563b1b6f187e0f1b6

SHA512
43520cbcfcb4fd21e654858fade3b13c6949465167f5b8710656da128937f11c3c91665eb8689ff472eab0cb927c5a41d46771c3b0a33ae1da9b1a7df8348e6b

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4ec6d0daf2d17a2a72613fa507c4c6a0

SHA1
d3afbfacd1c533c3891bc58ef4e18cce5cdd28c1

SHA256
07aaf35146e91227d8852d99fea160dc4b7d9c3e70dd8bf84fa43ae74c64d77c

SHA512
a5b9e9c2b4f30aa54c6effa834294cf79147663617d12883688580846b7db59625608680ca112d1c34e9a0f92a215764426a7ba0a6f7b2ecf316400f3291f1d9

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6fc605f65bbcdd83b49c1ba38333fd0f

SHA1
638ea86c5ae023ed1fa318d890d3909c306ab8ba

SHA256
65e30204ec4bef7fda678f67cd0d10ee50057953984d6a4ce7255d8bcac622a4

SHA512
d7994e9b0772983896b10c128915fdcfbbac68b93167f70e27143a3038b636024f2417bd4702a3ce6d257dfa598bdeb67fdad35dd31612568385a55a35daf4f3

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5b5ed6.TMP

Filesize
48B

MD5
c8b11e7f0727e53a584662cf6da83741

SHA1
8afb048992943ab35c39168e4c513682930ca8a2

SHA256
0586c8385fab5e4ed9c31527adbff101b91df8198942b071941f8ee675523f5e

SHA512
7938abeeb75986169cca3066dda92d6d81acc9281045c5748121d747d7d3d581c419e04f313829ab0a19997e4a25c5dc110d7197c004680ee29596996434783a

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\DawnGraphiteCache\index

Filesize
256KB

MD5
34dc20d7ea82439362945d13c9106d5d

SHA1
cc9a285a856d300ca37ca38fab955d1f526fd114

SHA256
6c925cc990cd013abd545dc7fb01d4a57b30a2ea765e976ccc5d13de6380701a

SHA512
8b77c232118ce530b14e7120f3b228b671b6becca57d3fbd7182493d03b88afb4e7e9542272fe88b08f1d70294da4d03e34714db0884dd03293cd4c7fea6c504

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Network\Network Persistent State~RFe5b7106.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Network\TransportSecurity

Filesize
188B

MD5
82c8f0b0a4ea16cf49d981fbb78045b2

SHA1
2c3016057308a8be29f0cf0e9f48eaf5d52a9f81

SHA256
dfa12e499e3be8844284ec065a7ff07f1e013beca7c75e9d1f7c8df87306406a

SHA512
8ab6e517f61db6cddd3bf82645556e98d5e007b7159dc528ab2623bfeff5f5ffbcca33d2e69dc9856a7603ecf34be09c1fa3967b5baca1bc3bf783c578a22f54

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Network\TransportSecurity

Filesize
188B

MD5
cd64de9910b26449d1c45c1053f15d4f

SHA1
646d1c875e7f3a9a9c30292adc2e119add4b060d

SHA256
21c92e823f2f251497a21b47dc95f4d460374340c3939da0daa51f01bf298722

SHA512
27b0964028d793901f6700ba8df92d19951ed4e7d6f662cea431b8fdbef7eab596ae804f9260aa0f430a06ea231dcafa0a9bdd2cf1314f3786f9eb1972091b43

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Network\aa20be2f-c703-4df9-b105-681c26161b19.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Preferences

Filesize
6KB

MD5
593f59520c9fcbd7da05616152366721

SHA1
58f09fa211c4575c8fc919df0ba33c2eef45c3a1

SHA256
bb88cf0b7497cd34402d97c07031a046efcbed6ada479ecd2d508e70f142f8e3

SHA512
4b1fdbbef207d90dbd0c23c023b881c938668165ddfa51668df9dbf999188e3edf35fc23568945a765026b23fcb966aeb1af7bc3243c6b91e155ed79557b0e61

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Preferences

Filesize
6KB

MD5
933c9d8bf2bd2b25cb404bc233efae1b

SHA1
6d908d232d69af619d708cf8203ef5da1bcd4e73

SHA256
ad262c26bf18c9cc8c4782671244d1ae253fe83cb457f6a0bf39599048dc962b

SHA512
65fa7583de941a4974d9922001897e5d4743287ec83ddf71470a5e5c378ed01941e06ebc72adb78bd18fa9e66af303ff1abcc366cd63773b1c72da9442ad84f9

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Preferences

Filesize
6KB

MD5
bedcf397037ea191af7b5a5959d7bd21

SHA1
af8a69c1d4e4f698ab87324bb2cc4b84c96f352d

SHA256
9107a281b91060b1b128503e96b706e849c1cb5982826430a8cd7a3dbf137705

SHA512
543c8cdb428c8d614a2623da3073c4082896867a6df4a306c995b0fd3f2fcc549bc56bc0eda7d76a88187d7b9551c6955b7862459098942232682fc5e5126f8b

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Preferences

Filesize
7KB

MD5
62788974908448f4228d022ff69e40db

SHA1
ecc764571873f0cadc3d47e66a0f8d755cc0951f

SHA256
0edec1bc58943a40c47b1a49f511c3ffc54e07fc0255c839ebe03de3c7715c35

SHA512
e8e77ce9391f6930ccaacecdc53097e30b31580a99b65bc1b2a9a3da68d230bd13e0b42aa5ee46d2f2facdefea27b54d8bacb153542f001bd5cf220ffff4e6cc

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Preferences~RFe5b70e7.TMP

Filesize
6KB

MD5
c7b83174bf59041c9018a8f6842539f3

SHA1
9032b1d6abff28ac8ad9db85b789fd52c5ece6b1

SHA256
02ebd444517318392f4fad911cc874fb9d9c0270800bc98628003b778d267525

SHA512
ba4f0a9a89238bca617e798e655b5e4dcd83d7fdd7b6397ff5ecaa2d02289805a0c649b67fb766c0b5f36f3164f1adb2359e8f3ef652b5881dbde3a836c4452c

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Local State

Filesize
1KB

MD5
8672e64d985c1c7f6220a718e8e058c0

SHA1
5e5f917b1e8d08d0ea6a6c00ee2f260951b4d63d

SHA256
3d0aa1fc3142e33045613e3b4efeaf77a5a4785d5fd657651908718caca2a0d1

SHA512
b7f7bcf5e429fafb92b122322fdafc2f99ad9bfe83debdfbea92dbfd6da1982f3cdbc94711dc2d6af62cf82f3b0fa62d7b887bce397470eb5a44c86de616bf7b

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Local State

Filesize
2KB

MD5
4fa2f99a8eb07b5e51ebf646a6ef9004

SHA1
8b09c07980792185c278fbb8cbc83b5af04867f5

SHA256
066de638c55bce8e8b795a8a78b9f8fd15d848ce7277634b6bed244ac9129832

SHA512
cbba20ffd6825464debaa73832cf10fd9073fd687393a06448c4040737d2c1d7796aaabeb57aa8f6ea021b291b4f4ed76cfb089f8248bc7e5b6e97e59f33b879

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Local State

Filesize
15KB

MD5
cf00fde5b0d92bae5a9ad0026fcb9b6a

SHA1
5e865544f59bcffdc62c8b0eee93de41bf2aca69

SHA256
d2988f801582f528436659e47492cda7a4a9370d251d29acc397c416b46c9980

SHA512
e82879dfd23ebd553a8bbb6837d68275322c885f746b22ea8efda69fa4bcea0159c64b9bdb4a7d8b6c117517373544c930e9480642b53a28054a729da34dffb4

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Local State

Filesize
16KB

MD5
ae90020a4977288f4a18f9b420ed8097

SHA1
3a971e3d2f6e0b1499245be0fb11378a9f143d5d

SHA256
a0c8ba7f668cfde0297f9edfa6b781e67376e7950c69f583eb14bfb08cb2fc14

SHA512
15a2c2ae467623fd331d8de6131743e35a576f924f783b5e9863a35482809a9b0cb834c6697ee3362c17962c2b61ec4982a78ece45210c86a26f6ed08f074920

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Local State

Filesize
3KB

MD5
40e471e4703d9b7d5714f4f487228902

SHA1
7ee16cf8d9b7a10b6391296e2d8710b6738ef07a

SHA256
5d02a5262430bf761fd52f7dd5c11e1a165828cde03e2cae1910ac8384818144

SHA512
976ff1a96adf484a65621ab0aea78d8c9406cc9cee82e4b1c2bb92073ad1ce5e02e90efe715012952156c7270c06407310e1a0be9c895c3b18da909bf0913d93

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Local State

Filesize
16KB

MD5
e533a98b806e8c85f657b9859bc15654

SHA1
cca00285b22e01407e422916f31601e89dce21fa

SHA256
7a12cb9e4b93131e5dfa6ef2f7564435ff8545ee9c1a6b1affd7250485248d63

SHA512
92e09064b2771ecc2270e3ea77d147ec1d33dfcd70c14c1d8cb747794451f0d40458ad5e31150bd1ef83620a0b0b322d9a480e3f4c62e8290f3b0a6b010c702c

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Local State

Filesize
16KB

MD5
5f8ac0965a9cfa1c012ca7e2a4485097

SHA1
54870f486348e126b05aa4eec96d7de23ed228cd

SHA256
bbbacea80a415216cb79e27bb73fc27f75b382b99faac39eb13e1e2b11a1307d

SHA512
ee9f71f243206e62b2eacfdec515ab0e96e2e714d62c6a8b69dc5b74a569fc67cb22e08f15747715fe8012a23cafb160c9fa41270f88ca22cc9102b1b30d751d

Download Submit
C:\Users\Admin\AppData\Roaming\myproject.exe\EBWebView\Local State~RFe5b0ba5.TMP

Filesize
1KB

MD5
74e2e025b84308ac37fffeb35ea5f166

SHA1
cb8e50f60b318c4a5f17e450f9810fb93941e3e2

SHA256
e7846b6966566ad6012bbd19213dfc38346f691450332b15f5337f1505732404

SHA512
ac6eee70161ad2c3f70e6cbfb9fcfadfbe5ef514c31c83186a917457250bdb2bbbe780155a0261517a2a121ada687ff23eca14eda5c83da74b214276937f8d1d

Download Submit
C:\Users\Admin\Downloads\solara.zip

Filesize
15.5MB

MD5
0c83656f68d7b2c56f62d083774b8258

SHA1
7e3097fd27e2b60c62ca0cb1f30257d1af53d9fb

SHA256
2c0fde34466e9f93679f454ac5fe3da8586c6198cd41f1783ae481c7d6d16bdb

SHA512
5282e37b0324847ef57f9f9988544ce9dddcca076f5ab2df1ab35a8712c9f4825bd6402c0a46a6196b2b202619cefb43d7ac55fb3f3194b47f6d151a278aafad

Download Submit
memory/924-950-0x000001B9D1220000-0x000001B9D136E000-memory.dmp

Filesize
1.3MB

Download
memory/1008-295-0x0000000000F90000-0x0000000000FC5000-memory.dmp

Filesize
212KB

Download
memory/1008-414-0x0000000074E90000-0x00000000750B5000-memory.dmp

Filesize
2.1MB

Download
memory/1008-460-0x0000000000F90000-0x0000000000FC5000-memory.dmp

Filesize
212KB

Download
memory/1008-296-0x0000000074E90000-0x00000000750B5000-memory.dmp

Filesize
2.1MB

Download
memory/2908-948-0x00000254FBEB0000-0x00000254FBFFE000-memory.dmp

Filesize
1.3MB

Download
memory/3300-1083-0x0000023DAC090000-0x0000023DAC1DE000-memory.dmp

Filesize
1.3MB

Download
memory/3648-588-0x00007FFC0AFC0000-0x00007FFC0AFC1000-memory.dmp

Filesize
4KB

Download
memory/3852-620-0x000001BD37F40000-0x000001BD37F62000-memory.dmp

Filesize
136KB

Download
memory/3884-476-0x00007FFC0AFC0000-0x00007FFC0AFC1000-memory.dmp

Filesize
4KB

Download
memory/5076-520-0x00007FFC0C930000-0x00007FFC0C931000-memory.dmp

Filesize
4KB

Download
memory/5076-519-0x00007FFC0BAC0000-0x00007FFC0BAC1000-memory.dmp

Filesize
4KB

Download
memory/5516-1081-0x0000023FC25A0000-0x0000023FC26EE000-memory.dmp

Filesize
1.3MB

Download