Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

de9337ae9e...62.exe

windows7-x64

8

de9337ae9e...62.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 00:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de9337ae9e8d537dbe56bfbd7dfa7652ad4aa7a99ba4ff1ffe8e1dcc522b7a62.exe

  • Size

    2.4MB

  • MD5

    2b4af996b70c194b62c7937c28e8442e

  • SHA1

    1eb598ef0acec5c0e90561770415ddac4acfa6a1

  • SHA256

    de9337ae9e8d537dbe56bfbd7dfa7652ad4aa7a99ba4ff1ffe8e1dcc522b7a62

  • SHA512

    72ddb3b4ac269696a5859edbb25f39bf04cedbda700534595963b650dbcd4d17d3c9cbb8956365dff0ba3143db78f444d6c7b6a4b9d4187e7adb9040c59e2dfa

  • SSDEEP

    49152:oq+0i+Fnf2xRlAgrOuwSc3v06pIqMe1tfiaiI6LE341pCrL/3dgsh14/d3Jf:chwSIpbMe1xix/LE3sCrLvdgg14/d3J

Score
8/10
adwarediscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
    persistence
  • Checks computer location settings 2 TTPs 10 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 53 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Checks system information in the registry 2 TTPs 12 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 49 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\de9337ae9e8d537dbe56bfbd7dfa7652ad4aa7a99ba4ff1ffe8e1dcc522b7a62.exe
    "C:\Users\Admin\AppData\Local\Temp\de9337ae9e8d537dbe56bfbd7dfa7652ad4aa7a99ba4ff1ffe8e1dcc522b7a62.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4164
    • C:\Users\Admin\AppData\Local\Temp\edgesetup.exe
      C:\Users\Admin\AppData\Local\Temp\\edgesetup.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:840
      • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn"
        3⤵
        • Event Triggered Execution: Image File Execution Options Injection
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks system information in the registry
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1948
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:3180
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:224
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:4536
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:4692
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:4796
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QkQ4NjMwMjMtRTI3Ny00QUYyLUE4QzQtOTE0NjkxQjVGMDg0fSIgdXNlcmlkPSJ7QzA1MzlEREEtN0U2Qi00NUIyLUIwRDAtMUE1QTM3MkUwOEI1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezkzMDQxOEFDLTg5QTktNDNBMS1BMDBELTMwNjc2QjQxOTE4M30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTU1Ljc3IiBsYW5nPSJ6aC1jbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNTMxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          PID:2928
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&lang=zh-cn" /installsource taggedmi /sessionid "{BD863023-E277-4AF2-A8C4-914691B5F084}"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:3192
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks system information in the registry
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:4620
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QkQ4NjMwMjMtRTI3Ny00QUYyLUE4QzQtOTE0NjkxQjVGMDg0fSIgdXNlcmlkPSJ7QzA1MzlEREEtN0U2Qi00NUIyLUIwRDAtMUE1QTM3MkUwOEI1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezA0NTc4MENFLTJCOUQtNDIxRi04MTQyLTI4MjE5MUNDOTNCMH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEiIGluc3RhbGxkYXRlPSItNCIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkzNDU2Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIvPjwvYXBwPjwvcmVxdWVzdD4
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks system information in the registry
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:1320
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\MicrosoftEdge_X64_129.0.2792.79.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:3184
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Checks computer location settings
        • Executes dropped EXE
        • Installs/modifies Browser Helper Object
        • Drops file in Program Files directory
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:3996
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6c2e376f0,0x7ff6c2e376fc,0x7ff6c2e37708
          4⤵
          • Executes dropped EXE
          PID:1992
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious use of WriteProcessMemory
          PID:1904
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1CD38F4-A6C1-48BD-BA03-36074A8F0F4C}\EDGEMITMP_AA0EE.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6c2e376f0,0x7ff6c2e376fc,0x7ff6c2e37708
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            PID:4012
        • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1420
          • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7af6c76f0,0x7ff7af6c76fc,0x7ff7af6c7708
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            PID:1576
        • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious use of WriteProcessMemory
          PID:3552
          • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7af6c76f0,0x7ff7af6c76fc,0x7ff7af6c7708
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            PID:720
        • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious use of WriteProcessMemory
          PID:2844
          • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7af6c76f0,0x7ff7af6c76fc,0x7ff7af6c7708
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            PID:3412
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QkQ4NjMwMjMtRTI3Ny00QUYyLUE4QzQtOTE0NjkxQjVGMDg0fSIgdXNlcmlkPSJ7QzA1MzlEREEtN0U2Qi00NUIyLUIwRDAtMUE1QTM3MkUwOEI1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0E5RkY0RUI0LUNGRTAtNDYzRS05NjdDLUI2NzQ2NUEzMDkxRH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI5LjAuMjc5Mi43OSIgbGFuZz0iemgtY24iIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzI3Njk3MzU5NDgwMTYiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8zM2YzMDY1OC02NDYzLTQxNTUtODg2OS1jOGY5NmJiMjE0NzU_UDE9MTcyOTAzODk5OSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1MWUV2RlprbWRNMU41OHMwaSUyZjVoc3VEcXhvVUdONUlSRDN1WDRaN0U1biUyZiUyYnBibFd6RUhFRWwxTFRnV0FuS3cwNFUyNVJRdUtyVUtJTm9zNHZQdTdTdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgZG93bmxvYWRlZD0iMTczOTU1NjY0IiB0b3RhbD0iMTczOTU1NjY0IiBkb3dubG9hZF90aW1lX21zPSIyMzUxNiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzgyIiBkb3dubG9hZF90aW1lX21zPSIyOTk1MyIgZG93bmxvYWRlZD0iMTczOTU1NjY0IiB0b3RhbD0iMTczOTU1NjY0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTUzMSIvPjwvYXBwPjwvcmVxdWVzdD4
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks system information in the registry
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:4920
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
    1⤵
      PID:3808
    • C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe
      "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4016
    • C:\Windows\system32\wwahost.exe
      "C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4984
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer
      1⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Checks system information in the registry
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:1444
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x254,0x258,0x25c,0x250,0x264,0x7ff8e4208ee0,0x7ff8e4208eec,0x7ff8e4208ef8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1700
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2140,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=2132 /prefetch:2
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3800
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1924,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:3
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2640
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2572,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=2800 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1920
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3584,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=3632 /prefetch:1
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5124
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3592,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:1
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5132
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4988,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:2
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5368
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5380,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5728
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5404,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5936
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5436,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:6020
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5356,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:6028
      • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6096,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5960
      • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6096,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6304,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5288
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6444,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5276
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6420,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5844
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6416,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5832
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6412,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6876 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5864
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=7020,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5960
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6488,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5448
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=7200,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=7028 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5604
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5052,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:1
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        PID:6064
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=3564,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:1340
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5156,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:1
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        PID:5716
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6880,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5644
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6984,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5544
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=7128,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:1980
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4532,i,6588182927794627009,3669602228680339580,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:1
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        PID:5912
    • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:228

    Network

    MITRE ATT&CK Enterprise v15

    Reconnaissance

    Resource Development

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Active Setup

    1
    T1547.014

    Browser Extensions

    1
    T1176

    Event Triggered Execution

    2
    T1546

    Component Object Model Hijacking

    1
    T1546.015

    Image File Execution Options Injection

    1
    T1546.012

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Active Setup

    1
    T1547.014

    Event Triggered Execution

    2
    T1546

    Component Object Model Hijacking

    1
    T1546.015

    Image File Execution Options Injection

    1
    T1546.012

    Defense Evasion

    Modify Registry

    4
    T1112

    Credential Access

    Credentials from Password Stores

    1
    T1555

    Credentials from Web Browsers

    1
    T1555.003

    Unsecured Credentials

    1
    T1552

    Credentials In Files

    1
    T1552.001

    Discovery

    Browser Information Discovery

    1
    T1217

    Query Registry

    5
    T1012

    System Information Discovery

    5
    T1082

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    System Network Configuration Discovery

    1
    T1016

    Internet Connection Discovery

    1
    T1016.001

    Lateral Movement

    Collection

    Data from Local System

    1
    T1005

    Command and Control

    Exfiltration

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Installer\setup.exe
      Filesize

      6.6MB

      MD5

      5366d353cfe8a8f4ff9b4b8fc5ce1e3c

      SHA1

      4262b83fbfd1c4a4647fbd3a0af85eca81f3d338

      SHA256

      dae41fa913389c700bd64b071bff7cb827c666cd95cbf106ae47daea2438a3c7

      SHA512

      60a16a0866e0574aea9640927c2be205c8b32894cb4e3e76738cd3169a45af97aa00ff31b66a90813c04c43f4e71282319af2a5bb25c4cb602f14a884dbd6eea

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\EdgeUpdate.dat
      Filesize

      12KB

      MD5

      369bbc37cff290adb8963dc5e518b9b8

      SHA1

      de0ef569f7ef55032e4b18d3a03542cc2bbac191

      SHA256

      3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

      SHA512

      4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\MicrosoftEdgeComRegisterShellARM64.exe
      Filesize

      160KB

      MD5

      cf9a26b458293978a908536927ec327d

      SHA1

      e8b293e3799f352921c7f430648c21f79e47b052

      SHA256

      4faa7cd71e234433f684c3d70efbfb1ada8d4172fc55caf78c0705e5646b0ba9

      SHA512

      54447d830595fd5e4cb8ff60e78916b676f983033397932fc0ff402cc310771d9e448cebdb1bcae6e0dd3d90c8968df01171ac52a1e14a36eda950f67909e714

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\MicrosoftEdgeUpdate.exe
      Filesize

      209KB

      MD5

      0032498af2ebc50357cb31f1024c87fb

      SHA1

      9818522c47ec379ff7bddf92ea72cd831691d094

      SHA256

      c6bdf041b02561700c71c6275df4704a52d1fed4ba6a1bec98a602c6c325d6e7

      SHA512

      f83fc43ca54e87a67d949666ca8c30721f372312042be978b01dcdccd530ce5db4d3d9d6ddc934a92c079825b91fd988f362cd481dd87fa09ddf2cfac85c05c3

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
      Filesize

      204KB

      MD5

      cbb1acbff5a8ce79804e687be8e3e75e

      SHA1

      0bb50f813e08ff13d637a8f4ee66e4c0f1fb01ca

      SHA256

      6d483505a0c9fd508ef48323099e2c64fce025e4b018df1d80d60aa00d8fb004

      SHA512

      7f4a8df19f94c74b1898109804f4ec596abe32ff59d35279e58b139cf3210f6faa2697eca422435a193f4f2f90535187fcd233a018a54a0cfc426ced25de5ce8

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\MicrosoftEdgeUpdateCore.exe
      Filesize

      241KB

      MD5

      f70b0fc2f46f5e7082817a11c39e3c54

      SHA1

      9939591b236bdd16ea02e79eb11a2d6fefe2af44

      SHA256

      f6e636cfe7c53c120d834756f52ab407f1c5dc97c27a14e557f24c176e86d87f

      SHA512

      b8bde38507eb84725aad9b7ffa33eae462fe6c7779f7ba650453b10bc9b52128198c4e29a568b0ba865fe266c19af81efc3f62a7ffd68e38e9d403d71b1afd79

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\NOTICE.TXT
      Filesize

      4KB

      MD5

      6dd5bf0743f2366a0bdd37e302783bcd

      SHA1

      e5ff6e044c40c02b1fc78304804fe1f993fed2e6

      SHA256

      91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

      SHA512

      f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdate.dll
      Filesize

      2.5MB

      MD5

      00670be258aacf4ca0c01ca980e96354

      SHA1

      4ed09d74b4eb0cb5b95ab37e341025fb7081287c

      SHA256

      0cb9d6c4fd45a3ba0f8e8c450e90beeee40e57b092906b841805fd3a24da4402

      SHA512

      79a8e1c944d7e38087668db4052f604b4aabd605f7628e2b2fab8526a8001152b2b9e2e6d15f41e701df24e2e44077b0561b88f64de01ac5366a4d9e696cede1

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_af.dll
      Filesize

      27KB

      MD5

      0d8ca15cd08112472d8f725b9d26f400

      SHA1

      6082361001436a4d2c45babb755601a19bc58a10

      SHA256

      a36ec679129d8fa6e3f56b37c88e7d3406bb4d6d74e559e5a272ac8f34a812f4

      SHA512

      8ec03222c8a023fba580a309a487e4d9535cded212ce47aaf3d7f4cda250c99ce25417330e0508b0a306e0ba14f9451cda0a31c550fdf0ec92c192792af1e23b

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_am.dll
      Filesize

      23KB

      MD5

      5b981b86b65935bae5fe5805660c7302

      SHA1

      1107f5a6b8bb4ed1e95f621fbb7b236d6a57e11c

      SHA256

      bd380d64f5b9dd6bd979a78e912f1a3d2a7c08eda3418abc85d67c43c8477264

      SHA512

      d00f6d92f0efa0c89ee042abcb8b583097cd173d80b8009fc9dcda98a25c73edab970d607b4993831577812335db49dd3d76dba64a4cd6adc7b57494f0f78766

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_ar.dll
      Filesize

      25KB

      MD5

      5e9ba26ad6068d5b12ee2ebd74d66c03

      SHA1

      2081cb86bbc6e20965b147f4178990f4c9ba52e7

      SHA256

      6fc47a7fefb2ea88371b5e1ea84b24faaff6d4ccb503e6d9903b8301d16715e6

      SHA512

      ab2eb6ae054cc107b83d877fc44dd62380c4098fbb805033c1d1f87d7172384c4cb7482d1f8931ad5f5b7dd181f6239748497e4b5866c2f406c310c6837028c4

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_as.dll
      Filesize

      27KB

      MD5

      30a0dfc5374347d838199254ef2b27e1

      SHA1

      739c8197c111eededbdfb8e1940e63188bd8c5be

      SHA256

      92cc3b354e786d428ab3bb43c77119b81a2960b00bd9d99550639a8b5c0428b6

      SHA512

      b8611af4595eea99fb45653f6419235368075664721c467753cedd3b71507a28e0d6c5fb2c4b3e01db56d4842c043b14e20ac1ae7c225e7d678c77befdfccd1d

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_az.dll
      Filesize

      28KB

      MD5

      da1dd46046721726b57bab405c7b7c49

      SHA1

      f42267672f7112d772feee601d2add8346a0a89d

      SHA256

      d699ca97e2bc94f0ecc95b2ccefed201786535e7ada3fd6ccb543f42cfc273b8

      SHA512

      b71909c7df499a702b199b87a96d7f25fcc82a0dcbe1138e900b3f386a6204d1b95e37941f32f61a0a558ce2b514f938b0029c55da0e4955229863d8b4b40061

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_bg.dll
      Filesize

      28KB

      MD5

      9fbe7d6ef07bd3af76a9fc97dfd90e95

      SHA1

      300ea110b9ec0ef6c754950ff4dd59dbfc9f2b23

      SHA256

      fef5f9a3ac4626f756b28f6304dc5e5e50bff553930ff35d6b8429ee494b4313

      SHA512

      0df3f0af13d5ed4291ba179846a741149807e073c767b90ab5fd50449879429de6dd2b43954b3a52d3cc77ef4c98dc9efcd594c17784b48c97bf5bdccc90cc97

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_bn-IN.dll
      Filesize

      28KB

      MD5

      583c93b26e5dcd4bab07f7d303ebf5c3

      SHA1

      439e6d4762c2a3593512ff103a8ff32110fd0da3

      SHA256

      c0bb2e9167995db0d8f1f69a202ba00529e2ead8daeb29fcb99d42b0613efb2f

      SHA512

      aafbc518e596969d20327a2b860b63013b1d5bb7c89faacff0ba95a9f6bb160dffd5a0058475ec1ba2c5d07cfd8cd4a0cffe4bb89bd4bb74b3e5981d6beec414

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_bn.dll
      Filesize

      28KB

      MD5

      fef17d66629715ae8ce4ab00464152ca

      SHA1

      f62db519180eaaec0d62f56bf1dabcf353583aa6

      SHA256

      2ee6f8216f4953f3101de9578b392e2de94d59a79d08cbdd327b3d433f2b70ee

      SHA512

      98b2647b3bbb2476371fbf9329fad70934bcc7e1f958e925bbfca17a7083e47a5561db986d260025c339b051f7f00bcaaff938ff351032b95075bcc589b7255c

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_bs.dll
      Filesize

      27KB

      MD5

      c359759bc31042b62167a40c7c0203b0

      SHA1

      21140ceadd92ab23835c0e7a8f2e2fb95d0ccbdf

      SHA256

      43fe0258ad799cae8bb20f23c20d74fbbb4b650b97b1b5b737d1d1728556d897

      SHA512

      1d5837ef553223ac09e93df362da460002fb4f9eccc19120c4fb8c29cd453139a3cef54e9514217ac2d862a423d7a82f3e3d9b09f00c611cb16f19dfbe90979f

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
      Filesize

      28KB

      MD5

      5928df4290e3b6e8676a5aac6ddbbc31

      SHA1

      d83b71bc4b37c3b228b113239506f89761a55f7b

      SHA256

      ac5f350f4dc790f61135186c113bb2b8a78f26dab322ddb86b0e3403ab960721

      SHA512

      90113cfe50355d6df04382ee69db6ddad1651e771d0182e28d0d3de3d1d5a2f10d22d5de2b54e12bff1fa5d478513c881e9cfceb2b471746fa870516aa3d0e69

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_ca.dll
      Filesize

      28KB

      MD5

      c2cc0764c763cd30ab629173ad2c9fdd

      SHA1

      0e681669c04e102a4b031378b38c2645dd42bb3e

      SHA256

      f3b266910a5bc6f738c154cb6a754cb55df05ad7f01cd6d61cd6e0cc8927455e

      SHA512

      f54ac389ea62f4c4af5cfd727be094d43976c53a84a1df4313fa5c81bdd9f7038ec9b13832abda95d6f496956383708b3828f41e4b746ebf645dbc343f6568e6

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_cs.dll
      Filesize

      27KB

      MD5

      ebe48b47180b491688ec519a8d9bef73

      SHA1

      bd98b11dbaef493968d999c22e2e35fdadcc51b2

      SHA256

      02aae7715ad305977f316b9c80989ec63371c4c3e813b64252fe5f92143201d3

      SHA512

      7b2b7204505d73ce66ad070bd31a7790dc56ef071bd233b7be3eb1ecf82a9cc30a605c0524c707d10a9828849de69a7169f8af5b7ea1c4da797deba89bcafc20

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_cy.dll
      Filesize

      27KB

      MD5

      909c5c6afa14ee9756a4291077f2359b

      SHA1

      819e5e4f3197a6f45b5ce461ebda5b8dcf5a9a8f

      SHA256

      7b0b45ab3f199a316d33be841867e0e5219db63174efb5e6d9866816a3faf770

      SHA512

      a7b75854111e769dbfc0fef86e6561aff12b883c34cd91d15a2f209c68d76412670e9ca732ca159bab42176a4c3f1d9707f8e9db5e21143c15d13eafa1381d54

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_da.dll
      Filesize

      27KB

      MD5

      764d47b36dc060e15414e850c974b983

      SHA1

      4cd0ef1c6a951c50844e441a3673de505aa38004

      SHA256

      3fa89372d50cee57a316e279bb092287fad67ec1f47cc8f75178a985f43b5cd8

      SHA512

      9017d3ddc85a919fd1ad5ae182c2e4f1194eeadea98f185a158b5c424b7730f30f10b18ca902cbbbc83d6567033d79327c7b1efa89d36b55b9066a8785530984

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_de.dll
      Filesize

      29KB

      MD5

      24068ddcee174136374b56b4148678af

      SHA1

      604ed94670081d22a50436076d813f3f09d71e10

      SHA256

      8480fd2d3c59530bcb1fa9a07de57f354d4222155d928d1784cad51dce9e30e2

      SHA512

      f8969cd5d3d34c2b1b1be9cc62d5e33cd7798ceced2ecb173c4c01fea3fdf72eac91bb533a7b2ccee6fcae5ae00c56c5f945de70c003ff30838c62a211a837fc

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_el.dll
      Filesize

      29KB

      MD5

      62a99787a2c037f72588c10af0a4f97b

      SHA1

      376981b7ab0da3a63dd324fb679046c1e2fa2542

      SHA256

      b2b41c07abdc47d8670ae0f0c109450de99e95888cc2a1589bb526ab5c6204dd

      SHA512

      23c9eae2398adc8ebd15ae8067d528650612d2ed7afc3378bf7bf86453139ae1ec77283f15c1872f553e9461cfef4a5b0b4e7111b86124f628f19ab1e4cf6251

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_en-GB.dll
      Filesize

      26KB

      MD5

      8816264aa944a8f17e3080af13badfe5

      SHA1

      a200bdac7ddd6e52dff02530bdb6bcaa7c0ec271

      SHA256

      6d059098bdc372b4cf14b3bde4832ff2c68e4012fe5bf6bfdc08a39c5f746178

      SHA512

      89eb5ce3df70977d257f8524df8fa3f3f45432e7d9000db371f228f0d574b7dd844682eda7cd8a511d44bcfc4731dfad053db86ad5570abbb6d9a7db103e9bfa

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_en.dll
      Filesize

      26KB

      MD5

      c4e594d01bdcefcb1b71f06697e13c89

      SHA1

      26a90b0912332fde26451e2efbbed6bd8c4bd02c

      SHA256

      a1be434cb4d92a01fa3b43c1967f254be29dcaa25ceeb6cb13fed711f90b81ff

      SHA512

      1d0a1cfc7c8e10bc6b2cc9dcf6db0e204877439fa4cde26e6b1464cedb35676e67416956ca1b2873a10f0ab00a6049d000097c254ede77b06b1f329c34f17d0c

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_es-419.dll
      Filesize

      27KB

      MD5

      a3a5c7c28cdbe9ff4df338f6f9718944

      SHA1

      4c73b46b2076a16f8b21257865ce8b3d9ca94263

      SHA256

      c2eda53aad3225b73496c9eec5f933d902dc9a3e7c90530f77b5bbfa269ae09a

      SHA512

      1db7979e99b207f7c31a5db1cdcb76f6738c622c9c9146ae07a232c40f3dd2232f031c295d802bd3472006cd384ae7739ad6afd47fc31984b2101c6a2a0ecf8e

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_es.dll
      Filesize

      27KB

      MD5

      0444405f398facffb9ac93c90bd61a80

      SHA1

      1fe865393a4a9967966ed4310f342280b6c9487c

      SHA256

      83a11402bb26ef3a58c1bdf550a34faf76758a8a84b423a6f0a94a9692fb584b

      SHA512

      a5df3e52a4169acb1c89b060e09fe5e6c18fdbd0c597c8b55e843895dc8433f5804613dfd2f4a16d656593effe62a8821742b6226abaffe9c2480b9b9da0de25

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_et.dll
      Filesize

      26KB

      MD5

      657c0184668515f256a8011c162f0bc1

      SHA1

      ef56129d4edaffd59342ac2e94be2c570f44d23b

      SHA256

      453597b38cb5e06b4596d8ad3763b08cbcd806fbcab0228179b40c065a7523fa

      SHA512

      9340c5eebab4376b7fafd32985ce625f808311ab58d028c246095804c8022bf6e7e7dbc366974e5b80bb4117558ec566c1d40839ae451277d97cf8626693b223

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_eu.dll
      Filesize

      27KB

      MD5

      b12325fe45848101245c164385c62205

      SHA1

      a3c8d6938978c30c23534515bcdf45bb27eba40b

      SHA256

      0fad2dc2ec7c313cace9afac3e645ed0b0d34df468a6f51450b15ab71793c3c4

      SHA512

      1f5e63aa4061f9b1ea9f7fd3e092d8d978df6c34416e4139f7a7eacf8976ef8a5dc1b89a69e276e6e02d7b15f4ab50a2b958c98585563cd51a582561f1f6ad93

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_fa.dll
      Filesize

      26KB

      MD5

      8ac4c8e4072943915105e358f3b53193

      SHA1

      0badce4b142c3ee14ac906bf6be7d19f4af46641

      SHA256

      abe601ab7930302cd675f3ad1582b9fea3837166e74f23f24765eabb7ae86d1f

      SHA512

      267795330e1b10e29d4a7e54af14f3f621a612eb9b2bbd336cb2eec3e4feee29baa9e87c08136cafda891a3729aec4669cf55684d27f950695195bc20ee752ef

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_fi.dll
      Filesize

      27KB

      MD5

      0b6513b1eeb7193ec6561ee4c82f0315

      SHA1

      fb5a8b42698aa4250179e5070422fd8adbfa9e6e

      SHA256

      46c2c90780924935d4213ece24151f07e63d6c1dca4d99ac0542967a56ee9f03

      SHA512

      37dbba2e969534dea488a64aed6b9a3e2ccb079b36865dd00f5e60f87699f60e7626ff85861aef2d52398fd95cda1637e39a47e037e26dd6feb26268fbc40ad6

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_fil.dll
      Filesize

      28KB

      MD5

      c020597034e8e3f1a06744195ac08468

      SHA1

      67a9485915cfbac21d4ca172f685448e89bde928

      SHA256

      6ee5908725a1780779a72022a1e0d9bca32a2f027907e7ec1b12a964221dfb96

      SHA512

      d8ee3eb3f810b35dac344828cb920fe5fd0a1c8a17ee72b5a9b7e253b054b7bb43b65d2f1fc4232aac4364597c6fe8cce68e9f2867038661b1421343234a4824

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_fr-CA.dll
      Filesize

      29KB

      MD5

      4df8d16f45846075e652ca9b701faaff

      SHA1

      a605eaa6cf9fd4ff2e46aae331d48cbda1e50102

      SHA256

      03d31c89ff1512a0671390151d0f30015fa445ba45364cbc4dd6fcef07198d37

      SHA512

      3ef64490fce1702632557a7ddc24363620ca272e8b61e48c1f2b74374db83b52a59f156cdb019e0205d0d6096ec9fd73a15183eed2e3e0b8d8acc9b96e3e0690

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_fr.dll
      Filesize

      29KB

      MD5

      5b460959d67d7c7dee8966c7593e2d9e

      SHA1

      bd4e1eb217d319f9367a3134d488eb57ef7456f4

      SHA256

      7c8218e882f0b19291f8088fc1a0e9d8f793465b80b84c282558e19ee349efd1

      SHA512

      c15c161b1cf16e8549675523ab2ba5086e5e090cf7a837f2aef6bbcce201505f9ff2478c774261ddb9f8ff563f8fb41dec0c6d8eee43841ea1fa0455e9b11136

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_ga.dll
      Filesize

      27KB

      MD5

      807d3b85c91a3a78d857724f6d4df8f5

      SHA1

      64fccdca9e003186890c336dc5667455b8055c71

      SHA256

      2a00e20da2ce93516d077fb52db7149b162e5a6b9fbc4b8f7ad442d3e51d3c8c

      SHA512

      66ce1ce09d055676c919f36e31d944e7c4d5bcae0b6343d22b6fd8880602b326f9fa610e7e120daddc99fafa5c8a1818d428fdc6fd206f755e81a56f73b463d0

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_gd.dll
      Filesize

      29KB

      MD5

      0cb26946b22b67acbd2348d25baf1f11

      SHA1

      9b74999efbe944089ef779d04d92579b82b4683f

      SHA256

      fe58df1b17fde8184475607bbb4367911c1ca9fdac79f256c001eaed0acb6b0a

      SHA512

      87e9cda95c6cad7f6efcf71068e9ac6c4e73858062079d4d264e7bd2f1e4126948e0d2ab57c9be7ff9f21fa59eeacab477bb455ab06f547aa3c5270fe1192b66

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_gl.dll
      Filesize

      27KB

      MD5

      0a3eea473ed114af963258dfeac97381

      SHA1

      55fd6a61fb35eea2a34a831448b4f3a9b7d1fde2

      SHA256

      7ce39b48849e3e33e78e9a39cc84665c33677ad248de27680c67305b4e6fa87d

      SHA512

      8849621aa87728b0fcca0aed5e598019630f91b609214c043d9e7eaec53a39bd95c8cd77e7eb5382ec8231df5f4742a7f59e031d8efb4643ebb4f27bccba0cab

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_gu.dll
      Filesize

      27KB

      MD5

      d75d2279ebc522f7b88d8e388b55a6bd

      SHA1

      ae532f5cf3630fd164458ee2b9178805c93064d9

      SHA256

      dc9e53b4d5b7cc6ea74effe897b6958b5991ddfbc60baf3ff5af74fc71fc138b

      SHA512

      741fb93967b31091905df55899c33303e80b1273187e296a10e4b85d7f93f53bca55e3f76ef5031d63716615e4c258b11efe19355874cda3624db39b0770039a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_hi.dll
      Filesize

      27KB

      MD5

      8088a0a302b58718eacc92fb787c74f4

      SHA1

      61dbe98e235723d82d7daacfbf3b0512976798e6

      SHA256

      bf81c79c7a6f20e7c5d28d4384129d9d5a61c1df5fcf1e249802e3c979c9d7c0

      SHA512

      41877350e92d46792f78984158557ef3cf78b7def79eb3b917e896e30c7865591406bd0245dc12220275bf4977aa25352e77eec037c46aa713e01a36d070ecfb

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_hr.dll
      Filesize

      27KB

      MD5

      af2042a5338884a7b07ac78fb14091c8

      SHA1

      99c545e0ebbfb382918955519f88fc1a68aba125

      SHA256

      31143a690e4c51859e18b4f9221468042e705817d52170ada0dc1d508c455cb7

      SHA512

      5b00c5730c0233c196043b05ab4462c79b30d181ae7cdafe18713be881e09538b4f58cfa5c0a8c17f31a1b9459100dea3ae1adbee42d77f407b94fb25ed4575a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_hu.dll
      Filesize

      28KB

      MD5

      2f8083b85f9c4f588cb8843e21077198

      SHA1

      b21d1cdfaaa7b93064659614b3f27c8b4d5ce5ae

      SHA256

      9de51be04b9b01664132c174bc2567fb2fe15ee4b74a6e68c2c7e8c8808ab184

      SHA512

      296a6ce20a253c7e77ce94dbf46ec96b305df153915f96e338df21fc140bedcb9d4ba29b7faaf280a0dc607a870ee96254de9dc469c071c90fdd8c499ee8ef5b

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_id.dll
      Filesize

      26KB

      MD5

      41ac4e817c88a1fc008a43e25c4d71a3

      SHA1

      ffce205ffb01a54f96b0191b7c15dc3cd769e337

      SHA256

      d4009d52a419b3870036dac6f40202f3670530d574829ad55616d7a00808d9d3

      SHA512

      4d867b4ef9f33d93b67497ab52b826a31c130bb385734a5fc6278aa3b93346cf148713b36fb2eaa0b8f1196109b7975c45cf40ae3a69c1f109a9da2e42d3e0d8

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_is.dll
      Filesize

      26KB

      MD5

      74d1be37b419bc050be7107d5320b8fe

      SHA1

      98d9868042a4671b0a9f5abc17289ce42a685077

      SHA256

      5a379b8d3b188c8f321c4f58c9589a1e8e53dddfadd493fbea84bd14532d8c4e

      SHA512

      e26e0c72b14b835abdecc0185eb4a0c664ab749ab75b178fae687538bfa6607896674900403ce38e5aa594f6e78f1c4bc3c61db49a568fc89c0242c8605af62a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_it.dll
      Filesize

      29KB

      MD5

      cdd173c3f540c2fa198c84657804d969

      SHA1

      2278b71961c16c366760c972467d57e11354eb22

      SHA256

      c381989587679bd6e6b90632bfe57c20c987127fe5743dea3ef278745faaaff7

      SHA512

      01fc2e45183932c5b3029f3ee625d6c5fc4449f5f7cff11a963aeaa241fa2a510ba455dc4a408a9a0b0b0f127407983395545d0f8875d9a13ef1f368ddbd15f3

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_iw.dll
      Filesize

      24KB

      MD5

      0ec86b4b2f37b6d19b7f884852730da0

      SHA1

      d39e6b0e1fda1e26b873ca635266b87bf41667fa

      SHA256

      637178fef36bcca7ac50b10091731d86d0b73892d60b98531d21614fed28dc30

      SHA512

      f49f9db37fbc1c47bf614ef391205a1a7da29045dec4f15ecfe38472c62264e5d107181d55b27f471b626fae7b6328ce05e8e60bc61ede271fc4c47804c0a4eb

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_ja.dll
      Filesize

      23KB

      MD5

      02ef894b4b4b6d8c071fffff05f810ec

      SHA1

      4c36f9c8a4f5e22726f87402826b69cd29087a9f

      SHA256

      d0b824b90377e1912c349923d3cfc63018bf96f96ad6a46b0fabf5897fb248cc

      SHA512

      99dc3dbb5eded5cb369fa080bb03299e816a51d541069d93982b85f68bd1ff116483d51339d530cc475015510e9186d9794aae0caa389cbc97a63cea2e39dcac

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_ka.dll
      Filesize

      27KB

      MD5

      df96e9023cdb8cb827703e1fb9c592de

      SHA1

      eda83f777bc404c3bcc0c3eb7a12d5561238ac28

      SHA256

      415ab15b6a48176f3bcd09672de89ecd39684a482c9ee0d45bce366fb3450d43

      SHA512

      23698883a68259ffb36dd932f6b74a2257e8499336a66a41fe0b2a98d6e866a90f4e071f5d41a3942d3e4884a6dd7488b458879f8379fdeb4676edf593226e43

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_kk.dll
      Filesize

      27KB

      MD5

      9022a388f56e7f59270dbd0ec1e36583

      SHA1

      9a3103a02938bf873e0398c404b3b6efb27f60d5

      SHA256

      2e54385d95fcbfd998d5d83ac408c0a45af2329930678bc822544a46fd7390fa

      SHA512

      68455fd649d03927eb484b515838c2c5fb24eb8ae1adec80e60f83c5e150bf701b9adb43972e5a9050603af68cdbded152150c5dda5d90b04e2a942d053a7c62

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_km.dll
      Filesize

      26KB

      MD5

      a351a85e384b65bb7b5260eda1aac709

      SHA1

      9446d97d7d32deef18a9e1c62167747aa316fb35

      SHA256

      48423fa045bd50175e297cd0642335aafa57d16ce4eaba59734f12f88d2d526d

      SHA512

      0dab0dd012c53426feb07ba55dac3d8fbb718e1146b8cc495278b3a432277ecb454d181f48013cc86ee9e26d722c5e070d418a0dc86f9594e0c9a017126ccd94

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_kn.dll
      Filesize

      27KB

      MD5

      5ff19e69a260367c9f4e667d283da5d7

      SHA1

      e54c111fb7a02baadec488c358297a877aaeccd3

      SHA256

      c5fe72e4bf6ec76ba7f4d14374a2b15873de9a5815227ffb303a0b165dfe790e

      SHA512

      17a4f5a6e927146dfb3690d8e5cae29bb898299953734b1c1d8391c38106dfa96dca0246dff83b2bfabf9840661828fa7131df74a69b1ccd1470ce01f07fb99f

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_ko.dll
      Filesize

      22KB

      MD5

      7a79d9fb7cb385c79c5cd7fee302d9d2

      SHA1

      0c2ec8d27c8faaed1a184929e92dccd1182b0e32

      SHA256

      9463457928689d87aa7a52cf5a205bb8bc67c0f94eeeed681715125582cbc2df

      SHA512

      224a3a960577afdbe47bfb42fa6059314ae16cf26686421603d1276bfa3bdcf58a9a26fc6dca298f9ff2f6e190a3008edf8a614d28cc354a8bc253b65b180d95

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_kok.dll
      Filesize

      26KB

      MD5

      ec003a7505d58aa0ec231415267c97ef

      SHA1

      43f4ce1a7c859b571042f2f23cc6a758ed806c95

      SHA256

      eb324b717e98ab6f47eaa65a7ba9e0e7ef9c7563fd05613ec149eab121edf86f

      SHA512

      20f61759938ed69df7b40628587915dea21e2ded3c9901ca9334b6add5f21995afd8d90ce7e290b6b51b9418395f526acca90f8071b6564f85a08d1253031bfc

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_lb.dll
      Filesize

      29KB

      MD5

      7e830cc3d425a9d58f47b67f0c0284eb

      SHA1

      e7535444087b1c43f2414385bf77a59afd4ffb28

      SHA256

      3a99e182cfbae7e5909a7b35408db26ca16d987aeb5f068d0961933a5a4a7a5d

      SHA512

      90995fcb27bd58b9c0d6b08418eb66405ff5287ab9a4b27d08a5183efb54828fd3a9acbabb7aa146a6eb0cfb0c9aa5ce9f32451a35a9e0f5064850cc305f5dc3

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_lo.dll
      Filesize

      26KB

      MD5

      20125fa0aa6057fe9483195d98b53b6a

      SHA1

      b90a5dcd8e65be58c4c8d6276aa1364f4d0d7e1d

      SHA256

      a909ffd028323697edc04d824a9de5e4e69f26fb6c8e9c11b0e311bf5b940d17

      SHA512

      460c0ebb18336391c25a60e99ea0927b36833ca2c91de6fc9cf3f32ac90e7e45527d95f668c03a859d91024ae7ae5372719ebba2e2c7745091b768407e2e4f9b

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_lt.dll
      Filesize

      26KB

      MD5

      91c5d6031932f5d0cfb2778d08d6f63c

      SHA1

      9ae092d7b0b189eb24a2d4282f6598577a39eace

      SHA256

      afae45e481b705702da9b8c6b1cc32aef6e1c5df3a876dc8ad8b75fbca8a16ef

      SHA512

      aeb8675a78a48069224d0ce13ef69d2211b96d6e9c7fe75d0560bce03091ef9efdfb085cc616097072dd952e605e73e2493d6b38b03e01e7f8e85987b0e680b6

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_lv.dll
      Filesize

      27KB

      MD5

      47de5673add4c9043d0890e27afb273e

      SHA1

      efddeede2791e5ab1e57c3afd4399b0a439b7497

      SHA256

      6d3918c43a0eee94053e38c9b45dbf572af62ebd076c1317a5af8db10868ee34

      SHA512

      0a61f73b67aee5f980dedf14bad2df4cde19d0cbee83c76932a3936e5d2a9b66c131bb367d74e030ca453a4772d2beb5f72e79f6f3c0bfb9cc4856c3ba26de4a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_mi.dll
      Filesize

      26KB

      MD5

      041dae466e6b239074777761a0367443

      SHA1

      6c24a6998ebec33166eafbe96a48b35eba37b687

      SHA256

      e223da37b28d7f5a810c5bec7c4f75ca510543da39149c29d46186a262ac7dee

      SHA512

      2a065e8ac98745975fae07c59458beb00538241ae6db4d6fb4ea060534be34d9cf4aca7a693201c966af08153b4933997c38ed365165ad8822e8284d4e21152a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_mk.dll
      Filesize

      28KB

      MD5

      56ad0075951eb0e86c590270e4705bcd

      SHA1

      d9700d6916b67ce17580b1f4352e2f1d8b3c7847

      SHA256

      80d6ef7486242fd3c32edaf0873d33bde6760211bb7250b8c2fd10bca7bf48fd

      SHA512

      4c3631d0a5ec92429227d0c1368eb3d62563dea99987cfb1becb5adabd957a73fc31d8d9d2ce1e47c02c516f5b59e4168c00f83037630bd554ad0db61d5cbba2

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_ml.dll
      Filesize

      29KB

      MD5

      c593e9b76e715577aaf0bcdfb95851b3

      SHA1

      ddc41ffd24dda7963616aa9ab1e01147734c0556

      SHA256

      8c38ed4b49392aebc5b2ccfaa539cc12a58f63ea978beb1fdc95a99ab96eb1d6

      SHA512

      f5b7d40fea7db346125f22030189ab22d4abf85de38db0045c803a32b4e8cd65288d757bf8fb321d49df83c783662d7b10a89dceea2ae5504c161662fa2fd366

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU7937.tmp\msedgeupdateres_zh-cn.dll
      Filesize

      20KB

      MD5

      e9ba49c77424663bee64e88230731a2a

      SHA1

      44613f031f906116d4aacd3280d06989c2043b56

      SHA256

      7d7a7ed6f714ec7a9c98b275321c1ec587c7275fe821be40a6686af7f2f14a0a

      SHA512

      c7b27f76feefff79d114fa2f85499b46a5501a036dbf78b45910b90327151ae47e7f7c63b23f864c5c899ca202c86dc85a8ee9d8b361ae357753a143d7a1b9e3

      Download Submit

    • C:\Program Files\MsEdgeCrashpad\settings.dat
      Filesize

      280B

      MD5

      d2077691e9c369ef8f377d561dacb0f5

      SHA1

      a24e29ce59dc692886c21534f8d30a43601d1c71

      SHA256

      2ec33c73a38f3d99f754f81c82aef1af638b2974d89618f435cff30919c4d191

      SHA512

      c9c072d2f2bdb1eb1abb95f9045bf0f7babfbc760c3b47bded333f76b0feac20a5dfcac631fc914a878793ad760ea8bc4f403e09b6b3cca8fa3377e2b4504f02

      Download Submit

    • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
      Filesize

      93KB

      MD5

      eade2f3fe6e50a0b7b7d50f0fd39b366

      SHA1

      f6814375a9a0fa7a908be37cacbbe8102754929a

      SHA256

      a8ac45e2393d1953288ab9a3f5982288f0131424f2dc880b474f4cc7b08b1910

      SHA512

      a3ea556a3466e8f76b32f43b537de537e578c91609c906df64dff9c72df4f531869afa5651c1a7f62934b49b23b82db7f46bd4e49a0bbbb1a46e848f55101fee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
      Filesize

      280B

      MD5

      e6649210b3f276eb258b161bf9548533

      SHA1

      d83c8e18baecb1488c74b1349c4d53f14bc2eab1

      SHA256

      72c6708f93793438a6824f5da26e2ea39478603898b80c900dfae17628a721cf

      SHA512

      e09d2a1695968d7ab96a222ebb56de25fc5e6b4e94f55bb1dc0723933994197bafebcd37e1589e162d1a674d9a51a3462578e95701cef557f1bc90cce7d6849c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
      Filesize

      280B

      MD5

      4bd584468d5a7a4efb9363b6c9edba59

      SHA1

      e4514dec3bcdfa4aba5d16a1737084a9d03169b7

      SHA256

      44d52da1ab207f19091101f36378f5b41339365deb1cec31f56094636cd7a3d2

      SHA512

      c3719d31c5d819c587e3322909c7bb927df7894c85e41c3c9e78f2f246405a13b64e79db0276a2f7aa036aecc947caa1284eb07b73ccf6f5fdd7c4313ebf0b20

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1
      Filesize

      264KB

      MD5

      d0d388f3865d0523e451d6ba0be34cc4

      SHA1

      8571c6a52aacc2747c048e3419e5657b74612995

      SHA256

      902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

      SHA512

      376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
      Filesize

      72B

      MD5

      a65b87c072051a4d1e66adfadc122e6c

      SHA1

      322f81e143c5fed650535b09e9b43db7cd4bdc36

      SHA256

      bb8394648f3a19219bfbf9171734c2ca51479fc496504c94aa9cb99b97f0d1e4

      SHA512

      1faa173c40dc9c99f0c800dbaebf7ac12c76adfee6d2c62db85d52aaa2e7f16374c9fbe4efbb9f40a2a3d3b372fb8328de3c02e06c9914dd6cc0341a0091f0a7

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\31af676c-e6b6-4baa-a039-c031a4fe860d.tmp
      Filesize

      2B

      MD5

      99914b932bd37a50b983c5e7c90ae93b

      SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

      SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

      SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
      Filesize

      41B

      MD5

      5af87dfd673ba2115e2fcf5cfdb727ab

      SHA1

      d5b5bbf396dc291274584ef71f444f420b6056f1

      SHA256

      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

      SHA512

      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
      Filesize

      9KB

      MD5

      3d20584f7f6c8eac79e17cca4207fb79

      SHA1

      3c16dcc27ae52431c8cdd92fbaab0341524d3092

      SHA256

      0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

      SHA512

      315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
      Filesize

      20KB

      MD5

      165cd079c44a3327066410860137434e

      SHA1

      c479f86c0ab098f0443c3873cf633e1692500e29

      SHA256

      04853c2e33f09d98fbc42f7fddda840b0655fafebc07215a902a541c40eae1c0

      SHA512

      4fe42c4a2b6b5074c7c050ae35e3e4cdf4a18d6361fe9d62dff1bfcb81da35626fcb085e92f85f33378c2d90409445f068c9f868ad6e2878b1407b9e41f8621d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
      Filesize

      20KB

      MD5

      05384a723f43a840b793482d0610f263

      SHA1

      25974392b683204b081ae17cb6b462a94258fc6b

      SHA256

      974fe5b9fd2dcdbd22d3ca08f302cabe15494702fc16494cc9a425e24b4aada9

      SHA512

      2bacad20598c00ea39436177fce1f0b0720efc78e21fa5154b6d56ae7bea8783272b984cf4e2a7584c0b45768c89697e694fb60259ca9a735c1c4f39ed791a82

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
      Filesize

      38KB

      MD5

      fcb8bf51cb58eac331db2217516196e2

      SHA1

      c55ab5e3e65f241a025d98930469f9d152390ec8

      SHA256

      c318538ab7e4b0b6cd383602af0ad3888662503c29782a299ac2c38ff2ace38f

      SHA512

      d06e0d782c3922367222a16bf9dca391dd14b7e71b9b881f5eb34edb2b01c722609a1d644ba1f19e37f9dff9cb1339eb3eb51c7a7caaf53e590f8ab8f1d535b9

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0
      Filesize

      8KB

      MD5

      cf89d16bb9107c631daabf0c0ee58efb

      SHA1

      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

      SHA256

      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

      SHA512

      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_2
      Filesize

      8KB

      MD5

      0962291d6d367570bee5454721c17e11

      SHA1

      59d10a893ef321a706a9255176761366115bedcb

      SHA256

      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

      SHA512

      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_3
      Filesize

      8KB

      MD5

      41876349cb12d6db992f1309f22df3f0

      SHA1

      5cf26b3420fc0302cd0a71e8d029739b8765be27

      SHA256

      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

      SHA512

      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      5KB

      MD5

      06725c4c979a844690f43fad3aa65f7f

      SHA1

      4528b29c7a5bc962e6ce5acfe9c764d328ee7c6d

      SHA256

      0e299cd92a2201e77fed3ffef842c3024dab5768c34877701d73013b32481f0b

      SHA512

      8eca46fa7fcf221405d8d16fb248285bf49fdbebd8e28964059219e120f6e609565d974c16568c5701078177e23a9d60afa30e997cf5db60944a7bf2e73a9995

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      7KB

      MD5

      3713735ca462bff8845e393bf680ab02

      SHA1

      f4eb5a16cce1478ab82bdf1f9fd54ef2cdab7ab1

      SHA256

      1069860ce1fb630c08de9e3006183274aea9d18223aee095da3a334a8adcf421

      SHA512

      deaf172a2f57678f93d9d9d9fa40b4dc54733166ce35e9a923180dc3d40b55af8ed113ae552d8401c40f93ab73be76b0aead2b8bd2cf81e9cc498b842a2f4e76

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      28KB

      MD5

      d94d95ad76740f06afde47b7da7e8466

      SHA1

      80ad7d2aacf43082ed1a21fb23fbc7655b4dad7d

      SHA256

      feb2ceb392a866547a2996758c3c396e8ecf6ce4e8b949105d315bfa0d95b8d2

      SHA512

      65857b86a4c24a3f1870a1bfec9c628c49b2c2ab50f7c669db515938b21bcdb5d26e9e831a7cb8193239f0074a210b272b6547447a1ccefcf49a52366869253d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      7KB

      MD5

      150f53c64b9f3a9fe59cf5a342e7cf43

      SHA1

      52ca3a5151bc690c8917b85e324bff0d4612e917

      SHA256

      eeae7c748f662813776d002d5c9ccd7a6a7f3910f8fa3f244b3b395ad4d14000

      SHA512

      2630233ac0dbbf0aab7a9adf50d5c9c32f83e547524df18110c246241ee6bb56bd3008dc600e5a7a592d1851b67cb05432c7cab77ac31747e6c22990f26b78a0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      5KB

      MD5

      896e63d40097ec7e4d22128376cb126a

      SHA1

      fd0b69e153e59c931e13b9d24b0e6f72db717670

      SHA256

      f4d8c4f9b4f5e53777ebc4e9653f030f71e301ed53a4351936d644cc3dc96d98

      SHA512

      bedd6ed1b941a30d316c3a65e81a02d22855f801d789012719d418c93c8c1ebe5c0fd12c71b1d2107ae125efd2237cdaded71e1c68905558d0c4be854dd00c5e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
      Filesize

      9B

      MD5

      b6f7a6b03164d4bf8e3531a5cf721d30

      SHA1

      a2134120d4712c7c629cdceef9de6d6e48ca13fa

      SHA256

      3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39

      SHA512

      4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
      Filesize

      2KB

      MD5

      454d2813057ab3e5fd18759c6eb7e001

      SHA1

      9fa7ac245f35d44e3320f22d9443ff9fc027a3d3

      SHA256

      de6615ceacd0a0cdac72a501eeaa018564989a90720e8aaabbdc2e9ab93a9581

      SHA512

      2854bd47cff6399571d8b4601ae02fc8808da1bd829d884db665a5c6be46e9cc3913d5ee04e46d616a2759eaec47677c4e347b8fae115310b31f2ec8b5fe4208

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.~tmp
      Filesize

      104KB

      MD5

      effecce1b6868c8bd7950ef7b772038b

      SHA1

      695d5a07f59b4b72c5eca7be77d5b15ae7ae59b0

      SHA256

      003e619884dbc527e20f0aa8487daf5d7eed91d53ef6366a58c5493aaf1ce046

      SHA512

      2f129689181ffe6fff751a22d4130bb643c5868fa0e1a852c434fe6f7514e3f1e5e4048179679dec742ec505139439d98e6dcc74793c18008db36c800d728be2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\421547cc-e6d2-430e-a324-2697dddd9439.tmp
      Filesize

      1B

      MD5

      5058f1af8388633f609cadb75a75dc9d

      SHA1

      3a52ce780950d4d969792a2559cd519d7ee8c727

      SHA256

      cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

      SHA512

      0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\dc9c31fa-7fe7-4499-b39f-84ccbb1fc863.tmp
      Filesize

      10KB

      MD5

      78e47dda17341bed7be45dccfd89ac87

      SHA1

      1afde30e46997452d11e4a2adbbf35cce7a1404f

      SHA256

      67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

      SHA512

      9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ebbb9367-9bb7-4042-91b8-d6aada5a6800.tmp
      Filesize

      132KB

      MD5

      e2d2f826a2253da9da88faea320734db

      SHA1

      17b24a01c01485399600196b6aa68456f070942f

      SHA256

      e59d727ad2f2ea2612506af5418a2ebf5974f16f7aaa9f7497bc92d75a451624

      SHA512

      ad0686dab396d77cbf6a39628aca8a712793257232eaf43e4cd27a27b32a7411fd2755bcbd92d3a9a7acf32b0e7974ac65fbc5b28615d91f48558acac7af767d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\edgesetup.exe
      Filesize

      1.7MB

      MD5

      c243102e4356c7e6d9452dd5971a3057

      SHA1

      b77cf140028277088e11624c15d72f861078db9d

      SHA256

      adccde03bff2a7f178c7bd744e2fa3766e99a830d0031e17b98acfdd53fc5298

      SHA512

      6034e9ed16d03bec97e852915d81fe2e65080a35634f55346a3840f9f23ab21ab1dae71b6547f3e7d6987155bd599612a28d14363c91b1262a57fadf0bb7f406

      Download Submit

    • memory/1948-230-0x0000000074FA0000-0x0000000075218000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/1948-412-0x0000000000AF0000-0x0000000000B27000-memory.dmp

      Filesize

      220KB

      Download

    • memory/1948-203-0x0000000074FA0000-0x0000000075218000-memory.dmp

      Filesize

      2.5MB

      Download

    • memory/1948-202-0x0000000000AF0000-0x0000000000B27000-memory.dmp

      Filesize

      220KB

      Download

    • memory/4016-279-0x0000017341070000-0x000001734107E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/4016-280-0x000001735B590000-0x000001735B59A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4016-281-0x000001735B5C0000-0x000001735B5C8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4016-282-0x000001735B830000-0x000001735BA79000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/4164-413-0x0000000000CE0000-0x0000000000F4B000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/4164-201-0x0000000000CE0000-0x0000000000F4B000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/4164-0-0x0000000000CE0000-0x0000000000F4B000-memory.dmp

      Filesize

      2.4MB

      Download