Overview

overview

6

Static

static

1

MicrosoftE...up.exe

windows7-x64

6

MicrosoftE...up.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-11-2024 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MicrosoftEdgeSetup.exe

  • Size

    1.6MB

  • MD5

    66a907805fd6088b0015b4c3070b29c5

  • SHA1

    f959441fe010e521b6f9b931775e64faa592744d

  • SHA256

    22c466b14b52daa11ba0590580af7b1a9150d024ce76313c75f86ecd6850bb0d

  • SHA512

    b5c250907cf04e5d6e481c97ae33c49d052193df8b5a4579c76dc1236e96ebd109f1cbc4f81089f7551b9fb8fa8df32b3264f77782d083386f60db506582db42

  • SSDEEP

    49152:piEf3nHwPrSzBVf0mtw+gGTU3YRzA1izx18nMl:piOG2zBJ0c9RE102nY

Score
6/10
adwarediscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks system information in the registry 2 TTPs 12 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 50 IoCs
  • Loads dropped DLL 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 43 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0"
      2⤵
      • Event Triggered Execution: Image File Execution Options Injection
      • Checks computer location settings
      • Checks system information in the registry
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1820
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:1812
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3684
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies registry class
          PID:3736
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies registry class
          PID:3464
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies registry class
          PID:2512
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEU0M0IzNTItRkJFRC00OEM3LTkxRjItRUMzQjBDQjkyRUQ0fSIgdXNlcmlkPSJ7MTc2MzlFMEUtMTc2My00Qjg5LTk2NTMtNjMwQzZEM0E2MUJGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezU2NjA5MzRGLTBEN0QtNEVBRC04RDEzLTNBMjBDMzk4MUEwM30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ3OTI5NzI1NjAiIGluc3RhbGxfdGltZV9tcz0iODI4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        3⤵
        • Checks system information in the registry
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:2444
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0" /installsource taggedmi /sessionid "{8E43B352-FBED-48C7-91F2-EC3B0CB92ED4}"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4236
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
    1⤵
    • Checks system information in the registry
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEU0M0IzNTItRkJFRC00OEM3LTkxRjItRUMzQjBDQjkyRUQ0fSIgdXNlcmlkPSJ7MTc2MzlFMEUtMTc2My00Qjg5LTk2NTMtNjMwQzZEM0E2MUJGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MDE2QzgxMEUtQkUyNy00RDlFLTk5ODgtN0FEREEzMUEyMTNEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2xoVmkxMlFjazZTbDB1VTFPQjZZMTUyOWJSNmJzZXk0K2N1N2RIeHM2Y2s9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzNiIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkzNTMzIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjYxMjM4MDMwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDc5NzM0Nzg0MyIvPjwvYXBwPjwvcmVxdWVzdD4
      2⤵
      • Checks system information in the registry
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:1992
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\MicrosoftEdge_X64_130.0.2849.80.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1464
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Installs/modifies Browser Helper Object
        • Checks computer location settings
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:1044
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff77b59d730,0x7ff77b59d73c,0x7ff77b59d748
          4⤵
          • Executes dropped EXE
          PID:440
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:2464
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E1231F16-1158-4800-8524-0BC24DED8D35}\EDGEMITMP_15DA5.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff77b59d730,0x7ff77b59d73c,0x7ff77b59d748
            5⤵
            • Executes dropped EXE
            PID:2304
        • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3496
          • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff66624d730,0x7ff66624d73c,0x7ff66624d748
            5⤵
            • Executes dropped EXE
            PID:5092
        • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1204
          • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff66624d730,0x7ff66624d73c,0x7ff66624d748
            5⤵
            • Executes dropped EXE
            PID:776
        • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4332
          • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff66624d730,0x7ff66624d73c,0x7ff66624d748
            5⤵
            • Executes dropped EXE
            PID:1284
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEU0M0IzNTItRkJFRC00OEM3LTkxRjItRUMzQjBDQjkyRUQ0fSIgdXNlcmlkPSJ7MTc2MzlFMEUtMTc2My00Qjg5LTk2NTMtNjMwQzZEM0E2MUJGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0Q5NzRGRjYwLTJDRkItNDFDOC1BOUZDLTFDQkY1RTg2Q0E0N30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzAuMC4yODQ5LjgwIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzcyNzY5ODkyMTAxNTEyMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODAzNDQxMzM0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDgwMzU5NzU5NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxNDEyNTQyNDYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzI3Y2I3MjlkLWZmOTQtNGQzNC1hYWU0LTMzODVmYTA5YzQ0Yz9QMT0xNzMyMDkzNTIzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUJTYVMzMjRCNXZWTU5HdlVhRmxiRVpwc285blluT3FXRHcyU09WTkxMcW9XJTJiNlg3R2xsJTJiQmVPUlJsJTJiaFdzJTJickpDekpRZVZjVjNHS3MlMmZxVE56c0lxUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NTA3NjkyMCIgdG90YWw9IjE3NTA3NjkyMCIgZG93bmxvYWRfdGltZV9tcz0iMjc0MDYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTQxNzIyNjMwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTE1NTE2MDIxMiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTc3NjA5NzQ2NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjI2NSIgZG93bmxvYWRfdGltZV9tcz0iMzM3OTciIGRvd25sb2FkZWQ9IjE3NTA3NjkyMCIgdG90YWw9IjE3NTA3NjkyMCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjIwNjIiLz48L2FwcD48L3JlcXVlc3Q-
      2⤵
      • Checks system information in the registry
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • System Network Configuration Discovery: Internet Connection Discovery
      PID:1636
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
    1⤵
      PID:4568
    • C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe
      "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3564
    • C:\Windows\system32\wwahost.exe
      "C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4740
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-installer
      1⤵
      • Checks computer location settings
      • Checks system information in the registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:1952
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x254,0x258,0x25c,0x250,0x264,0x7fffac484dc0,0x7fffac484dcc,0x7fffac484dd8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1896
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2208,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:876
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1948,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:3
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1132
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --field-trial-handle=2576,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=2732 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3912
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3612,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:1
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1052
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --instant-process --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3620,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:1
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4192
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4696,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:2
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4960
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5288,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5344
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4348,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5648
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4896,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:6080
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4756,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5448
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5552,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5652
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=5952,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5744
      • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6036,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5352
      • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6036,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5416
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6556,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5608
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6728,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5304
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6780,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5964
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6972,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=6872 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:6064
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6876,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:6136
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=7156,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:1360
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=7160,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:6040
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=6968,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:6092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4760,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5900
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4844,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=588 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5852
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --field-trial-handle=4832,i,1411458319043930338,3481153028484379084,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5872
    • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4492

    Network

    MITRE ATT&CK Enterprise v15

    Reconnaissance

    Resource Development

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Active Setup

    1
    T1547.014

    Browser Extensions

    1
    T1176

    Event Triggered Execution

    2
    T1546

    Component Object Model Hijacking

    1
    T1546.015

    Image File Execution Options Injection

    1
    T1546.012

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Active Setup

    1
    T1547.014

    Event Triggered Execution

    2
    T1546

    Component Object Model Hijacking

    1
    T1546.015

    Image File Execution Options Injection

    1
    T1546.012

    Defense Evasion

    Modify Registry

    4
    T1112

    Credential Access

    Credentials from Password Stores

    1
    T1555

    Credentials from Web Browsers

    1
    T1555.003

    Unsecured Credentials

    1
    T1552

    Credentials In Files

    1
    T1552.001

    Discovery

    Browser Information Discovery

    1
    T1217

    Query Registry

    5
    T1012

    System Information Discovery

    5
    T1082

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    System Network Configuration Discovery

    1
    T1016

    Internet Connection Discovery

    1
    T1016.001

    Lateral Movement

    Collection

    Data from Local System

    1
    T1005

    Command and Control

    Exfiltration

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Installer\setup.exe
      Filesize

      6.5MB

      MD5

      b621cf9d3506d2cd18dc516d9570cd9c

      SHA1

      f90ed12727015e78f07692cbcd9e3c0999a03c3a

      SHA256

      64050839b4a6f27d896e1194e902a2f7a3c1cab0ef864b558ab77f1be25145d6

      SHA512

      167c73cf457689f8ba031015c1e411545550f602919c35aff6fd4d602bd591d34e8c12887a946902b798bf4cf98aadfce3c2de810bf16c7c24a216bfd8abec19

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\EdgeUpdate.dat
      Filesize

      12KB

      MD5

      369bbc37cff290adb8963dc5e518b9b8

      SHA1

      de0ef569f7ef55032e4b18d3a03542cc2bbac191

      SHA256

      3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

      SHA512

      4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\MicrosoftEdgeComRegisterShellARM64.exe
      Filesize

      182KB

      MD5

      1723c5e707061e59d769c492a95d5083

      SHA1

      3b535b7a0df2f7a4ab5e531956dad9892adfb5e9

      SHA256

      e97ab6dc0ed865aa8606f5c113fd62170341d1a3d63d5618f233aea969ec49ab

      SHA512

      a4e3bd9ec331a27338c123a9a3ae23619fc5a5b80fc9aea38d23d3b82ca015f47669e0f3e1a6f98e7f464e6bc21e92723a04f72805e45e0dfc81540a2d299a8a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\MicrosoftEdgeUpdate.exe
      Filesize

      201KB

      MD5

      35a79bd6de650d2c0988674344bf698b

      SHA1

      a0635c38472f8cc0641ceb39c148383619d221dd

      SHA256

      a79a81da2b8dcbe39609a9e1b4e8c81ae0bc54195c0c854b77bebe7bfa7f10c1

      SHA512

      afe33d38785afe489845654ba1c3ed6648b36b1ebe5f98b3d5d4bf24eba3af9bb6676af5a79d2ec570bf2b4b6ae40d14fc3d4b872c5d4577aea40f6d1a26c0cf

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
      Filesize

      215KB

      MD5

      c55b37823a672c86bc19099633640eab

      SHA1

      da5e15d773c794f8b21195e7ad012e0ed1bceb72

      SHA256

      3df9cd2fecf10e65be13d4b61ca0a9185845f2cb04b872adeaf41ca46af39aa0

      SHA512

      1252c3fde4aa4ce239103e8df7224afce093a2cbe539bd40347601980a314ea3326ea6ce4c1ebc845c125845969ad65ebca319b9df35a809ef871bad14aaf33d

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\MicrosoftEdgeUpdateCore.exe
      Filesize

      262KB

      MD5

      dd30f3ff486b830211df62d20348f86f

      SHA1

      08c7d7407dee7ed20b50e8f1a2cb1b08a9282dbf

      SHA256

      9d57bdc8b97e75f8a04b93a1657dfd18d4e2f68607783c9bca42140233978fa7

      SHA512

      af3b48ced7018c7edeabdfa998e51356d57c2d7a846c76629fed0ff2e5db8db79041184c58a5a67a10ec627f53af8e3c80bbffacaecf5dae6d989cecb82e72e4

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\NOTICE.TXT
      Filesize

      4KB

      MD5

      6dd5bf0743f2366a0bdd37e302783bcd

      SHA1

      e5ff6e044c40c02b1fc78304804fe1f993fed2e6

      SHA256

      91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

      SHA512

      f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdate.dll
      Filesize

      2.1MB

      MD5

      39ac5a029f87748e964491b97936d890

      SHA1

      24777aad794a13d0e7381fc6f32f0e1bcdb1ba80

      SHA256

      ba861524fe648ccb47b7ac57421bb07a6231a7aab5eaea332548511cce6185bc

      SHA512

      2ecb9b208846f84cd37f37d2100f26358d6c37128efc4010b2e7efc10202dc37b621d0c0138a8b76b23d968da324c685a41b44f4ae30cbbe243581f1904e14c6

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_af.dll
      Filesize

      29KB

      MD5

      2a9524cf8afae49394379d9d9be69206

      SHA1

      e43d4146f8abebbb30831fbd39a39846bfb7eeef

      SHA256

      e5a08731963e681b6386c4e85c16bc98452ebc13c4a7de3ff6979125c609d5f0

      SHA512

      a0111589960cbdcb10b55c17aa82555e44f0f0f173ebad09de6364881138cb35280596f1de6d86b31044427445575630c22079c3585e34729ce461599b8979b1

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_am.dll
      Filesize

      24KB

      MD5

      1903bc250fc269e79c9f7aada2979aff

      SHA1

      efbf76b1259217c02c138078c56f36b2cb8543ab

      SHA256

      228fa3e2fcacc78111a8152d6862de2302c024e81cc8b5e3f16e31caf96cfd04

      SHA512

      9db527c2e26ef691c089f5d1d010298e0f47e2e0420fba03ed18c7c2793b92c5860240b214b5233dddbc150413a2649e9cf4823239b9831930c2804b143ab538

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_ar.dll
      Filesize

      26KB

      MD5

      b4c28669b9d4e56b094af6062f4db065

      SHA1

      4c492c03138c8a796cf0673866892b9e0c2073ec

      SHA256

      7fe494dd265f99f330b153ef69c51c0541016755ca1876788f7f0ede78f9cedb

      SHA512

      35941ab6f2dcf5f60824d172f75f9f7b8b93e65c7bd8bc441fc32e49cbb414a68d65a02e3479b096f728b2a34d3e85dfd868e8bf95ff9b1a57d10adc3da0022a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_as.dll
      Filesize

      29KB

      MD5

      16b0c8a664626da016a95fb46fdc9c0e

      SHA1

      c674b635cd8927511825847f3d86a5562b4155d7

      SHA256

      b059fc9713d3a41e9a83f0d61f8cce29546d3759def0a7b8e162a13915e51255

      SHA512

      ec39269fbd9e510d10d665c86b8a8161208b74f919e4fd128e365144d71f2b59d3c48c50b8f017b1d30c711ee4f63668f843539957b4643d2a488c9e17290e75

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_az.dll
      Filesize

      29KB

      MD5

      bf510bb9b7639af7da969f77620b480f

      SHA1

      17a6693a5d6aea1f3fa6f34abc46daf558cac645

      SHA256

      2507da222cf6c6dd608da9b569f89f8e11c47b6e16134c767cdc23b7c1f56bd3

      SHA512

      6cebe80005cb7759ee4fd8dd9ca41bdd073c01e969e1ebe03cb07616921e50516974019faacc2f9dcaaccdc0044eaae57a6a94f3a4a4ce044a781cd8091478a7

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_bg.dll
      Filesize

      29KB

      MD5

      4b23c7229eb43740744cfbf48c4242ca

      SHA1

      4938dcf6239e14db53c8f085d3c477905a9986af

      SHA256

      a7527b867ebc222114b679b2ac542cdc46a75f8bc24e5ca8b7ebc17b7a2963c2

      SHA512

      4bd8ed0ecacd3f2c69dcd0789ab8ee10dcfd6144b019dd8858c2234bebddfe42c83037fb8e2f934f3320f58796683bed5ab050ba897ba1fa409b6df60f02ec53

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_bn-IN.dll
      Filesize

      29KB

      MD5

      1e038b27661b303e15a39a55305e86bb

      SHA1

      35b48fe72d50406063f9145fea64c57f205f0084

      SHA256

      385665137d0dfee16ed8ef2da5ce28d826d210eb2bde1fa4ef13dac50e4b5364

      SHA512

      13fcfde6923b38acc2cfa530087d13725a2cabdd2e771d503f4d2f5cff93e8744f142e235dd484244d920d80cb3e7cecbbd731b473f6e509edb39159c51e9465

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_bn.dll
      Filesize

      29KB

      MD5

      9afe531b6472cf9eb66028e9638584bb

      SHA1

      6212292867bd59fe376e79988c07f4db8ad26cdc

      SHA256

      383754fc147dc6ef5f1edd14b60bab6bebf32639dfea718aaa64b2b65ac98812

      SHA512

      352bec509ccd3ad15a274ddd3ccea43b76eaed885b0e7722235abd95aab8fec1c645722765d76865c1b32ed422a10e6666f220e3abcc5a24268ba94c5cc6b8d8

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_bs.dll
      Filesize

      29KB

      MD5

      5e06d311c2e24b94f378c4d3b3deb260

      SHA1

      ef7df63f63746eb197c21694ebb21cfb86c0b2b8

      SHA256

      d2052450e3a3272b302d80af9f2c46b766153267100bc902dcf03a78ec609b65

      SHA512

      8d73b5265735aa19116cf41bb8d2bdacde5b22b286a56af58068f9579b631b044c155e625f6e1fda12e505f621f245faebe126c2557dd2ec873d7d980f8ba552

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
      Filesize

      30KB

      MD5

      afdafc9f56401b662f42cef830d92b38

      SHA1

      b56966370ec07cd676e35d93fad001e0f6b3fb8a

      SHA256

      03d7a1c0d8810df4b908fcc40c8491df0e3ce19db8ee22e6be79d02fd9df8f72

      SHA512

      884f9cd99785ea91c5c8e26200bbf0b010ff278b52c5ac590cb73712321a9cdb645e5448bf4cf62622cdb06543b8de4a8e6956a2f6b6677c0b9befb35589d8b0

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_ca.dll
      Filesize

      30KB

      MD5

      15ee7526536790bf77317975896542f9

      SHA1

      365bc54203b490daa0e24a1c9813d5d99c9de720

      SHA256

      5e2349af6e02da1c5d18f1b3235fc5099229d2d99e1c5cf2713c21472c151f8e

      SHA512

      475fd9c0879c8cbc418a66441e3dc026fca983327a95763eddd1537c1f44fdf272d212c69e1b06aad55d91c68379a2beafb2908659d58a61c740731a7d047406

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_cs.dll
      Filesize

      28KB

      MD5

      8eff4531519a4b768005b9411d4a5f9c

      SHA1

      59b354e3f32f0a0da8755c27b903803994f4aa31

      SHA256

      2e9a230a8b8a7fa437a28e2115ebf01178f3209fc0d61eb90160f49c11a16cb0

      SHA512

      4426ae1e2937e1f6c7364d2f437aeb83d834f9997d28cb1ffb07fe1c448dd954083aa822ff439c886249a387823a23245640a0425dd8c42b75b73912733f11ee

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_cy.dll
      Filesize

      28KB

      MD5

      11b92ae8fe94c784480d465a37935766

      SHA1

      f4ead29d4b20c57bb0e4d16a7488784f61a25972

      SHA256

      571b0cf8b0383e33393b8b8fa79d1632688ffc2bdde794fff62c85f5e1a3f161

      SHA512

      b636dec2e1d48916d0c83d2fe45eb24d826c027455cf22ec78e013166e59fbdb4780ebe69de3ab4b5730dae03652d253890917f53fc835aa73f9f75b01dc4f23

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_da.dll
      Filesize

      29KB

      MD5

      19a7aee0daf68fdc1a24e3228a8bf439

      SHA1

      1fc6ce227a11245787c80f3932e2c311de2d44bb

      SHA256

      409cce12be8b7a86313bd1d9e3c6d9154cf0c5735db61d94852a128a746dab99

      SHA512

      0051119311316d29dbc13ace84c24283aa2eaf1d46459c81ba7b31cc6178b43165618fd7bec17de698b1431ef2b33be179c2c8b1537c1000aadf849e2c888c84

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_de.dll
      Filesize

      31KB

      MD5

      ce66ef1a806c21949b75055f81cac760

      SHA1

      3719e4af114a3c0baceb133d152a02bc6a1fb9f8

      SHA256

      23f5414d554b96db0b93c7dbe27939d294b8061e56c19ab74d59fe9135e81c8f

      SHA512

      04d9575c866ac28db490a291be3da41f884d3ceadbc9b7077776ea7deb1819277aadcf9c9e1b5afede3e90bafbcb00e6ef0840166228d153be7e8d8d53975593

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_el.dll
      Filesize

      31KB

      MD5

      09cf47260852ff7b2c91c65d127b9314

      SHA1

      b3d362f3d08f81bd1b719a1c94b54f5f9c9610da

      SHA256

      eb4344676280f83e6023ddc604ffa42e96eb46e765a216fbc5ecbe49ddb3c920

      SHA512

      114a21296d8e7e054906139102617e6cd6008337a0877053721553cfed10183f54f890c8071b1cea17bd0b2535589af7aafe5bd1d161886ad7363f89919d7300

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_en-GB.dll
      Filesize

      27KB

      MD5

      39dc20ae50a0e2ba9c55dda91256b3cc

      SHA1

      464139f11db3fd6ae77502b183c4b59f581d6c7a

      SHA256

      e1891a155be133e6dd82cab3f9437bb7f047f0f80689ca724ca4d1d90d1fef14

      SHA512

      08b8e19528ff007b904f55872935e0de9e06e7cbcb3f3ed751264e3e20a740b477b55c818bf2b0ed213c4ed9cbaba0c8953c19f427be3e8ab8f50c9c86a74bf4

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_en.dll
      Filesize

      27KB

      MD5

      894b6ea4b49fa390bd70167a75f3ff7b

      SHA1

      4f834ef6567d02f28390d63c8ca9fd3c735b2140

      SHA256

      a8dc2b1e32d8d3d2c321c469eed3329f7661f4fc71d14696f97106b5aa6c532a

      SHA512

      9b4fcbd07dc7f65c34575aaabb7a517198739f7268133f084b101edf99f0b96387f3f0248de1be5252b2466db0bc59036d40e3990d4264bfab89aa01aace7ea6

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_es-419.dll
      Filesize

      29KB

      MD5

      bcafbabbfc8f810220b2ebdbb8a76d19

      SHA1

      58703c8355f996f2ce8ae5fd1ce4dc29318fd414

      SHA256

      7fef9c85b5d7dadf344ff39d82794ed252066cceb2b6531be2a45ee3d84844b7

      SHA512

      b02820c3088ceae9ebf19ede77e3a406483a3dc13c030860d3818e6e8a163e9f54293fd058ec9575c196d12f1465211ab7feff145faf684be6a8cc251d1c0d71

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_es.dll
      Filesize

      29KB

      MD5

      3ccb8eab53a0b4c93507bf2adff6ced5

      SHA1

      25fa2435e97bd0e1cf986a882ce33e68f961c139

      SHA256

      8bcbd325374a8cc5c1c7ea774382515316473c200baec86a65ae21073fae33b0

      SHA512

      4f443ded84d74e150a0be3c32edc734ca01298817933a7b1f0e5c5cd93f26987f051c4c306848301e688b9334d134a12bcdcc0ceabe1fcaaca5c4d307c697bfd

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_et.dll
      Filesize

      28KB

      MD5

      6b03eb5b302e72727977f2431ea7f30d

      SHA1

      ac5cab93d3c28e46f92d2719638c739c680cc452

      SHA256

      b5b51fe000e0e0ce42e8dbaf4b8343a5411e2e99440726c747196a02ed736137

      SHA512

      362e94f79b7726b277cc90c5158d3cc5a0a890bf32e11707f9901233414b3ff22816df78276afa67f0122fc7d6fc2d09dbb1fd8602e3a01f807f93b9423bb463

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_eu.dll
      Filesize

      29KB

      MD5

      ed883bbd9e4b3de4db68e356707f3e67

      SHA1

      e03dde660c15a614442552f8c4d2cc5dd8425fc1

      SHA256

      168eb27052a559561af3ed650bc170eb471e53f05b9065f0e229672d040ae1c7

      SHA512

      ae48fe344b2644380e56a95d98aeb0ffeff7ddf0c914f5d14ef518a4d40bb090fee9a7fd30f7178524bcdec1a2d8fc870b4b40d5d8437e3f2577320262236126

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_fa.dll
      Filesize

      28KB

      MD5

      ba417f44f7564f1aca70cca9166f3f44

      SHA1

      d8f064e25038e0076bffcd1a694b58063b7268d7

      SHA256

      56632098f623cbb58fadddc5c7a889fbc91954f661078501e62517709b8ba703

      SHA512

      c35ba956e92a2298268bb6ee7a753d6b7f94bdec96118c834f028a0fa45f18b67302b0e20a26d948d1720b04461d3074ae30003bb9028790d9d2d63cb80f4467

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_fi.dll
      Filesize

      28KB

      MD5

      7f47c9b9bc9488754579935209291c55

      SHA1

      470e590c6f5263a44b95abbd6d0c158fae326d21

      SHA256

      f0d8c44d909aed479b3e770b556eb3792c0d3ce247defff953a4dd9f7ce4cc75

      SHA512

      6f81ddd06f6a1c796bbf21143737bfeed8f9ca0ace82a4de00ccf79d7288586376439e0564f1cb128e5e585eaba122d406af8c3a6e3969efdadfe0cf65c3ed4b

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_fil.dll
      Filesize

      29KB

      MD5

      20134024ed75deda002dc0839b352f84

      SHA1

      e67bbd13a320d2b4413b283e165385c44a65ea0d

      SHA256

      425e0834cb73365cf78a233a5b139e1897961e5225e9cc92ab365b3efbe30d76

      SHA512

      7dbab9a85d852546ab8c30b3452ab8b200874eb3aac0c862bdaf5c90cc882cec11de536851693f8f115706448e3323c66affbdd7e65257395baf24a0208dc537

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_fr-CA.dll
      Filesize

      30KB

      MD5

      08b6c8f26644370c6dcbee63e4abf884

      SHA1

      e4981733831c4d31715cad1749545d21dc29acf2

      SHA256

      916b52a362fddae79461d1d07ff01fd3bb4f7b8916b263d62572a8ad420946d8

      SHA512

      31f074e494a372a1b961fa9c053b561bae9e52182866a538a734b7589cad550a42b1d88649262a7d265226288084e5ba65e9e1d6d32ffd9292258a9f65e236a5

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_fr.dll
      Filesize

      30KB

      MD5

      cf3ff14718b5e6125b956d6d9e897196

      SHA1

      041de2587e03f6c52dba60e9d2459ce33b263eb9

      SHA256

      d75ece04e40e34beaaf50cce0fef63e52918b5939c9c267fbfd1e6cdcb2a82fa

      SHA512

      551ed975b1afdc75f464bb742c30f239f9d18aa99bf9140ec0620c938629868b38a952041288244b6e2387748c16546a8fe55a664a9903577b8e484856583ac4

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_ga.dll
      Filesize

      29KB

      MD5

      3ca8dfe9af49bdde95188002ebd5f227

      SHA1

      d18d7af889c4d03ea417c09bc56069f3f697c547

      SHA256

      6577e1a60f0fa340dcb70dcf625c877fc9502d122744782708ede0c53ceb56a5

      SHA512

      a61ba9baa6d0116b769c4add55aefc99a360bf85be7986ab099a424ff7a39ccee18d946128e74e39283629b52aa14821f36fe338c0e17de29694fff5138590be

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_gd.dll
      Filesize

      30KB

      MD5

      d64f47e1971f1e9faba211ca984e550c

      SHA1

      6f4de57c6f174dd778788b138a9b25cf4725258b

      SHA256

      75fd1c674a460dcdafbbc1429a4c30c9ac28e58527c6f0797c3706012ec19e00

      SHA512

      722c9f1e5d27d6ac678ca13aa648aa22aaf1121b835fad5209ce3e482471724cf4920390f51c8df2d31c66898def51ad76b0c119f4de831011b56afead2fef7e

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_gl.dll
      Filesize

      29KB

      MD5

      31276d0895baff6976c94c549efbb47d

      SHA1

      4f0fe790cecc28823e6359fb3b78dde13cc17681

      SHA256

      d3bf99db747f3e6a2d541ecab380244c0a33ceef8655383d54e2daff37dc9a88

      SHA512

      413958104046b85772d4a32550ae3a7a3a50eb66dc35966554123bd9dd15fc7a76fa7511f6d2ac666d8a205a9b58042f68e2322189c2b34d372db6b180b70da8

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_gu.dll
      Filesize

      29KB

      MD5

      bb4a1f9374f1c3e0cbc4788a3ce1d4c5

      SHA1

      30667d6dbaa689db9a08b42acacdf68435dac46e

      SHA256

      bdbd0882aba924075c40de48fcbbe951ea6a937c0b85541fd6f1fa5701b8e655

      SHA512

      d0a5260ae123d4698e2f62fdcf97a73aa038b69b200508948185bb5de5f5edb50d6859c9e6e21e84145ceebc144882d0ed5723ce1486e805c26737358ae77504

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_hi.dll
      Filesize

      29KB

      MD5

      274c267b7ee544d36698b2db119a6929

      SHA1

      27377267ddc09060254033c4aa9916a60a254956

      SHA256

      ac843711f010925cfdd60c396baafc3ead08584ed4b1b3df57b0c975cefd039f

      SHA512

      f9073912e9c314efe60f36dd9b2bdb4b1475aadde18e82bec971c447293a4f8dce46abe625bb9cec4dc48280fce3cf3d8175054b70b4e440e89a8c072f4a505a

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_hr.dll
      Filesize

      29KB

      MD5

      ca9abf92edc001d3c0cea4c926bd004c

      SHA1

      740513a325a5c15376f4b1aea402e9c54155ab33

      SHA256

      d6d9e064773b121fbf224252ef6c7d64f239d6b5013c119738a8240cc047e346

      SHA512

      7171143ee05b0e03bc936fbd98d3a37c3763bc244ffd8ae85e3229b85e13ec6262c3111b93b3a067f3d82f5fa6b6f691438c0e148efd14606cdf5a850e474a7c

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_hu.dll
      Filesize

      29KB

      MD5

      df2764d7bf9bbc6d4e96301c928566b5

      SHA1

      1f9adfed63fff6cd144515e8a7fbf8c4131d2f65

      SHA256

      3dcf3b4acc066674418e30239406abf59b85f9a00ba2a0aa7ca33036caee6514

      SHA512

      8c1eec6d813fe2266f0e03ce72f504f355f720e0112527fd411abd5e7fea05dd4bfa3ee9a878c882c16e8cd30224727eabc5ab38bd85cf146b21547ade988391

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_id.dll
      Filesize

      28KB

      MD5

      c80c6530280315158443cd04f89e9169

      SHA1

      fb87a9ff3696f0acceee6c8f1e4fb40795a8ae7d

      SHA256

      52957587efb4d995597541656f38e0edcd4545acfd92e3b81cc72578839021de

      SHA512

      bee22709e362ade03cf385c9b09d321923cc17a9e7c227fef7717da7405ea7bcc63e6f18b5e3e18e9dc19d5b0d9d4cb32c8548d9f16803959eb13b1189df9815

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_is.dll
      Filesize

      28KB

      MD5

      28064f47523b575c20fc85733cddf487

      SHA1

      0c5583888be256c8e09a396e333ad158b5f87553

      SHA256

      0752855a2e2a69e0f969af6c31102db513dbc390583f07d5df60746721ada58a

      SHA512

      d96656335024e0228a18148de4d27f354fdc90b62f977042ac20199714ef50bad271a83547d6c6823ec03422a9b598828fdc3b0f1ae81c760a57a2d1f2a543b7

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_it.dll
      Filesize

      30KB

      MD5

      0da1fde56fc0bf63e17a891e99f559f1

      SHA1

      131d18d7329be3ff21c78a3921b88e910a3d5a68

      SHA256

      ba936fcce39c889a3cb41569f18019d99429a13e7dbd909d9d26e540ea650dec

      SHA512

      67aa088ea8c01b11874537ae59c150645b61072e4f2134719e833ca0c4c3cab835cb9c51bff97582280870227d99cfb72f3a0d2069f2a9a86a7f7dbaf29ad2d2

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_iw.dll
      Filesize

      25KB

      MD5

      d92167a825c73bd6246483bfa1787c8c

      SHA1

      0a96d89226f1e694275922e5e2640bca3d7e7020

      SHA256

      d477fce0f7fbbe9cf86dbfb724e28c617c8c7c5bea664974593fbf0c032e8019

      SHA512

      12401ac374d3050f9540a3df6fae71ff8466ed3df2bf007b52eaddfea0d549601b5756477c141fd596bd19367ad30a607160957a8ad1818ff34e6da4125e530e

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_ja.dll
      Filesize

      24KB

      MD5

      0ff69dde83bf61a768bc63870d687747

      SHA1

      622714cb8eac68b79021800f28f5874aa23176b5

      SHA256

      3a3a4d24498f0f533a5f5e4f1364e7e2a1f348dac95f649951131185c64d7bc7

      SHA512

      e1300b6f2dd5df3385c06fb43de5aa246f3f1da942e26b86023663e07b12104f0e74b2749d4ef2dd60cabfc8eadfe5f131a8bb5ba8fffd6374f9cd4635b4bc53

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_ka.dll
      Filesize

      29KB

      MD5

      67eb1378381ad4d1a450bd26fe51f5e3

      SHA1

      ae0655d07a4d0b049ed258de646199f9004963ce

      SHA256

      b2ecba67a708b9fc75fc4574b72218f64517dea1aeb5ac26400ac554903cccf9

      SHA512

      1da5356bee3e18f9033b81927368eefb8f7a0742f7f02be9ddf0f3f309d9d4f1ceeb640acac341e504d54c0d0939f1da2bac27645adf404ed2ac48a2846a919d

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_kk.dll
      Filesize

      28KB

      MD5

      d9b956ec540d8b1e528d88d8c5e5fdaa

      SHA1

      bb967aeba493d9ac0b3889f7bbf9136614080331

      SHA256

      cf008a24b53f2d62516a2944b77fd9be17a4778c0ba1b83a09ef7e83c3cf3901

      SHA512

      d6d6171c95c07ddef12bc40a5fda756ed3870a06ff2434bdd7abe02407720bff01fab5eb1bafeb7d4b9b661fc364c39de4a9eab01ef39c6bdce6de58ce4c1a06

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_km.dll
      Filesize

      27KB

      MD5

      5ef433fe15a877e530ba0a044486f200

      SHA1

      db1deb37392e001353f5a098d8686a17fc156b40

      SHA256

      896549adb3d1a38d95e743490cf6f551cac876fa1afc4b07f8eb30ad4d853502

      SHA512

      97839850a49a09cbc416ba1e8e9570adfcacbfccb70903cf597ad8781c7c3d11fd07e2598dccb7e88da7617e44ca99c62dfb3404c0c2a467641d1a6dcd7e8e64

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_kn.dll
      Filesize

      29KB

      MD5

      1ee9fe48904cb43a9147bf16823b16f1

      SHA1

      19fd9c0a2a1d919340eefca7956bd84df467b737

      SHA256

      a65da5bd18d6ac28c45cd11f56f8b868af98e42a69def6199d61235f6fa3d71d

      SHA512

      b556dff94243eeeb8dfe2c185c67ba7359877b8c0161f8fbe9a37a7e7591b0c8242a0be09255b616ac4f5560a728f1780cf6971c826ee6214a1b28c16551bffc

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_ko.dll
      Filesize

      23KB

      MD5

      6c3abddca78cb3ba9f724bad9fed6165

      SHA1

      3114daf9295215bbeed0f4bb4e282b46ec1c74ae

      SHA256

      d47e586aacfa638aab5d681d8b4ce0b42f9d698e213817554b9d42441191d548

      SHA512

      b37b7c8d7d24ead85389ce445536ef4a68c43e2a55508801ab00e9bee2c2ef428d07eb30b62228d647508dc4f6b0d78b1b8edc25052eff0ec5a9ec87fdbcba1d

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_kok.dll
      Filesize

      28KB

      MD5

      f97d285a3ba35b1395d9868e15bce4f1

      SHA1

      154dfcb8646bdb02b618dddf8a0dc1cbdab2269a

      SHA256

      33506ad10fafd8a767afcdd93cab2d91999b4e6468771379d944ff4758c2f5e4

      SHA512

      bae3152e85cc5e8f96299e7d45be8a85e47ea1119fd4d8d2bcb038ce293dab6820e35bcfffc03c9596b95e716e40711c47682f0c71e308755dc71b4c20c57628

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_lb.dll
      Filesize

      30KB

      MD5

      9c7c3dec8769f8b33aab63a15f642d81

      SHA1

      41ab17373c388d005b6d39c3ffc9fd5aac1a75cb

      SHA256

      c088700c358cfad6bd692233e450b8f4836a30a457c7b047e67681c10aecf2f7

      SHA512

      86923405fdcb2ebbf9a2dff24847d55bf1cf39550f475b1268e7edf279269e317c09b638b06e29f4d30ba59fd606f4ab5787f7d09da5ae3c5572ad41f3b3fac8

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_lo.dll
      Filesize

      27KB

      MD5

      b0973b4e4407ea116a723bd7c39c1d45

      SHA1

      011e9126cf2fd3db3f0f810dc1d8e60891ef0695

      SHA256

      36e1ea95cd9663137ae49504980e00fbb311023c8f5f6f40f3cfe14a14ff183a

      SHA512

      574eb8426f774a7ccf860b4f0e324a2cc32581c9aecb834aa25c5f62946d15ef781a9f32feea8cd44e352d4878f3f6b8f097635bddb9df3bf2a443fecd0946e5

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_lt.dll
      Filesize

      28KB

      MD5

      883f3e1c963322852aa6ce7177ba11fd

      SHA1

      3da37835cb54a847e3fa2edec45c4589e2c31561

      SHA256

      c3e3bd953b1035bcb34db9077c41643a503aafeecf99afbc92c9e4326bc6fea5

      SHA512

      52e7eae669ce211be72ed62cddd43f926c8d581a28a5efc167d1bb9c7f132f40a000cec02c91cd81604ca9f1cbb61952a9da8d09044703a49309a4faf2ff2f25

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_lv.dll
      Filesize

      29KB

      MD5

      0edaf7aa97694524c60369256b17c9f8

      SHA1

      48a81d2c180b9dbb970dfc381b204c3e0bf11532

      SHA256

      74b7ff57e79ee2685709678d55a4b4b414f3fdf77ab1783c0ded0196a126c0fe

      SHA512

      de1ec10ba23b7f76dae78b6a98a3eee6df1eea424aa9a4800b70ee7b185e5c6a0dd30d0dc950bf7b37a9c07fd7614652258cdccd64413c49647b42351e02e90e

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_mi.dll
      Filesize

      28KB

      MD5

      6e072740c5627ebe87c145120bae017a

      SHA1

      471d9a05568b542484f8cc06ccdaa307d3a9aa34

      SHA256

      eb8d66977d14c532d42a8e6a25bb9fedd749b3fd4470301fb2ac750b3b030b2d

      SHA512

      3daeb9857230571fb7a7069c4b3e1f7c15bf3a3214f974de0be74eda8ae0ca33a72d53ad2fb34d35c7f39e12e0cd91f183a7638cadf66fadf8c869741a2f31bc

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_mk.dll
      Filesize

      29KB

      MD5

      fc7f6cab60b5f7162f0caaf42bc33a6a

      SHA1

      c120491f69b87858ac055de4ba79cb5450073697

      SHA256

      6925acdaea43d471b1e9c481dbdb7e5922df03bb451f8190d781520c585747bc

      SHA512

      c08ff3683fc6b909de93377688ff4b226e75c2eba1ccc10c94f2258aeed30f2ecb57889c9fd50e7a88c300a0b8ead56dddbe484cc7fab80e1bfbd70516b35dab

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_ml.dll
      Filesize

      31KB

      MD5

      cc9eb10aa9d38ea5d2d62a3fc9a21cde

      SHA1

      3522a988506ad5b5cc609ea02a18b5f75a06debb

      SHA256

      9f8112edd3397d50b8b835cba4bb2eafc4e5511cc91bd74d9ff585debc8879f8

      SHA512

      66bb6a341cb95f07ae875586d631fa09c68a920e54242fa5e36996f0c6fb2870e89fe1c959b785bf783884c967dfdd46b0e709a564b6bc911cdb73a66d193f63

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_mr.dll
      Filesize

      28KB

      MD5

      98557801fbb00d5db905372d82d24a56

      SHA1

      afb1d071a351f405846e7e3a8e7d2aff4330231b

      SHA256

      4ad659437305bd4fbbad9fc5a91ba8f70065bd79dd2d74aed154a343ea2d5033

      SHA512

      6d23fb21071f1ad9c86bfeceece4638b3014e8c0c2200697782524ff9e8170a7c1654edf1447d416536283ae3aa3dcaf3ff7a2fe89d51fca0ef89ccad352e7f3

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_ms.dll
      Filesize

      28KB

      MD5

      ee13eb4c7beab0558eeb86efdd526e91

      SHA1

      abf4b64085e504e9ae78c973c1db6f045b2cef40

      SHA256

      989f4e0e96de503a04e32265509c85331abe0887a3480f68f497f71ef9b53dd2

      SHA512

      08fce45e57598641f6bac45a51330ddcea38e7fa508df1ba488d636750264a59d3d32fda866ee0503c40beb3652bb8cd56449529eb4231c71f8d1f85e98bc5e0

      Download Submit

    • C:\Program Files (x86)\Microsoft\Temp\EU9C30.tmp\msedgeupdateres_mt.dll
      Filesize

      29KB

      MD5

      42c0d474b29703d20f0c992c494d0963

      SHA1

      441b3ddf8bae7e76e7a2cf7641af891f7110416a

      SHA256

      f35b475ee72722d6a128cbc90dd441486a4c0db6c6f4d65b7383ff71d458ce7a

      SHA512

      7a723059c52c3297c1bf0fd3ebf5e40129e7e3f85b38da590114a2a313f7da30b94a6f04b101033b61ac011487e56a0fa0a4c57d3f4bd51d688046b330754f46

      Download Submit

    • C:\Program Files\MsEdgeCrashpad\settings.dat
      Filesize

      280B

      MD5

      4f41367ff2cb7d50ec6ce4e55dce8b8b

      SHA1

      a9eb0fb0171ad8f3f23280a1f9667a095e34350b

      SHA256

      7bf98ef2ad1f16d74d71020704c7d82448886cc9d4ae9eb65cc68aea96b8302e

      SHA512

      d7743c16d927234179c9696325abd10e68ba05b4b4e61edc8640105b3db3093b4d56f06bf077fe886005b8ca90373207b3529fa2ea2d816e7e153abec8be7f91

      Download Submit

    • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
      Filesize

      81KB

      MD5

      9833da9c6879f31b3059cd8f3e80bd88

      SHA1

      4cf6aeaa2803b95b9dac29f48da25e2aeb120514

      SHA256

      cf52251cf0b89e0b79fe79198b8d3fa9c1cc8ff0cecc2e0e6f121de7248c53d3

      SHA512

      4764c740f24ad6b68f126e2dcd93041611eb2687f307fcc67e871a536760a9647b49b4787b7b1d1cfede9fe1f7414239695541b97a9b339866bc8fa7a14a6a1a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
      Filesize

      280B

      MD5

      1271bd2e2f5065ec04bba693c2354cf4

      SHA1

      1e6dbfd31f50232c1be567e48ef74f527be65ebf

      SHA256

      9d500cdec6184f1c605a0d49e92edbe53ccbc4ee75e1478e606736fed619fb03

      SHA512

      2676ad5a9ad11f45bd9744d4cc8e47e626ae659aa042e62a7575b87b21e20409afb794b38bd6efe4949d84bec6b6efdbc10a2c208b44ff18ffd3b43d4d91ece3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
      Filesize

      2KB

      MD5

      9288e47ca08e15116965030180cb3197

      SHA1

      45a66573a6a12b77c230927c8a70f237f88dacae

      SHA256

      7a47a6e041f65fe773b374e98dd6103009d94d89dfbc225bd0f58b1452249f60

      SHA512

      da8b4fb0c3274489724293b22cf5f62c107b67ad560c7be994a17aa31a158d28e78ed0c90e0e12df08dde7f74860202206d37bf992a72c3551361bfb50e52791

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\07281baa-fd25-42af-a7a9-201b191489af.tmp
      Filesize

      2B

      MD5

      99914b932bd37a50b983c5e7c90ae93b

      SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

      SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

      SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
      Filesize

      9KB

      MD5

      3d20584f7f6c8eac79e17cca4207fb79

      SHA1

      3c16dcc27ae52431c8cdd92fbaab0341524d3092

      SHA256

      0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

      SHA512

      315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
      Filesize

      857B

      MD5

      a46fef026d042ab8dbdda9db6a8fa8c0

      SHA1

      1e286afe94c40c219edc04ad5fdd669d5baffff4

      SHA256

      8cc9a85773c9e8d9034d95921ec465624064f31a6f29310ac3dbe5c500283480

      SHA512

      dd46f49d14296bc5498886b2dc31784c5a80ec07e88a62938eac668cddd5558c7108b6202caca5875b36bc80a2d679863a4a9be588a6ec1337ed4f0932f00f0f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
      Filesize

      857B

      MD5

      be3432abe8f7c6a4a80ede1b70bdb900

      SHA1

      78a1f529ed3670450fe13256ba2b71325ab437ca

      SHA256

      627293cf13b43b84a54ea8aec24ee90a523aa95207903cf52d37ca4af92dcfd8

      SHA512

      00fe07c4a9310371c324dec0b8910fd6cef2df586dad063ebed58d382cc564ad2e56f1b6d8381ce5c9cf00e300861e9e1dde93529525b747aec8e65701bc773c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
      Filesize

      857B

      MD5

      bc8fad5011b4df4b7b2fe56870f1c5cd

      SHA1

      2967f46fe048fc7e60408283fa5e3be1bb4ce389

      SHA256

      657f3c281393761dcbdcdf5a374e00da65be7f71b5117dec5e8d4120c00648e7

      SHA512

      bc04d3fab8bba71b6eb9f4a2f442ce5d767d644dad743ac1f14dda88b627878e8f1af1b2dc4ff7e845db03081e41a6a798b5360b892bfc3584ff5519299570ff

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RFe597ebb.TMP
      Filesize

      857B

      MD5

      82e9775f2ce3d2bc588c185452c66879

      SHA1

      f3b4a804a15298d41aff75e93fd31b26062ce303

      SHA256

      2f46be338e46034794d98393ab81b23f057841e58fa96e7e45cc56f7be1b729a

      SHA512

      ab37a226284be96ac1d7b0c5be4f239c9b9773eda05ae3cc281886ac981251ca5f4caac1cb09ebfd634f123dd1adc54e8c1cf688b8e1860fa7d49a317a150d19

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
      Filesize

      17KB

      MD5

      455d031fd063218e3cb013d83b983b4d

      SHA1

      aaf751d2a00bf4a9ad63fbc7e6ad5fa09d51b43d

      SHA256

      fb6a86bbc8d6864742eee6df003fb24cc0cf66cda421896d0081290c92bb4452

      SHA512

      6bc0cddf578a47aa5af70d5f79ec5217f843e468f1ceb8eeeed56144c90df7ad48a0a9e9218d997039bfb36ea3f7e95d29ba0a9f432557a32a4c5d47a4577cff

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
      Filesize

      36KB

      MD5

      706f79c701b6340d96bb12afcb8d26aa

      SHA1

      75595732794bc46a489b7ca16428f639597d86b1

      SHA256

      d7cca9ca32093319876eb2ef0dc61d6d891fbd6089b4dc3cd7fa530fa24a2176

      SHA512

      7587530970ae1bcd61df6ca777a5c1063f27769335728218ca0359f7cd11cb89981cab55dc242c2057dd1028503fe12abbd7e173ff7ef3dbadd1162be3541da5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5858eac8-aa35-4614-813b-42db4264209a\index
      Filesize

      24B

      MD5

      54cb446f628b2ea4a5bce5769910512e

      SHA1

      c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

      SHA256

      fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

      SHA512

      8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5858eac8-aa35-4614-813b-42db4264209a\index-dir\the-real-index
      Filesize

      2KB

      MD5

      02d9fc161c235d313dd66d9f5ded8382

      SHA1

      79e44fb6d504d631265847797a0b5c46b832e089

      SHA256

      5f7f0d1ceccfa4162cf9376024b9164092b60a7dc93b8151076f08ebb4d56e45

      SHA512

      f7808956f5198071e02d729c34d316be2bbfa608a65954ff37e158e0bf5be0ea3d7d96c4a5bf633c3170184f1be8b66809e9badfebb5b9eae2abf1b68d424268

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5858eac8-aa35-4614-813b-42db4264209a\index-dir\the-real-index~RFe5997e1.TMP
      Filesize

      48B

      MD5

      8f95ffb108e7ca9deaca6291332f8f64

      SHA1

      785b232289d8ed66cafc1b1b875def0026533a69

      SHA256

      aa1e7fadf563b9468f58d423a9962deda22c676e86e967451b43efda1b40a90c

      SHA512

      a1d6748ec32ea916779eee8d6da772ce7eb3a82398b45588ca927fa380e31dd68fff45fe493d9e80a0f94ec534353cc4b0e93f2872f0a538922551996838ec33

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5f2386ad-e173-4e6b-9588-e5d281b41831\index-dir\the-real-index
      Filesize

      72B

      MD5

      7284eeb1233a5fc009b3f518ecd9c17a

      SHA1

      49ac873460137d64343ab11aac200ed3616a382b

      SHA256

      3991156dce7e0426d62717fc15dd04e6b55b920ee20481eb14e7f97c636cef12

      SHA512

      98f2fa490dbae39e15ba2954df285c43522b1fe3d29d6bfaaddf2d7d35f6330655a1a997aa6f56a1ceea0d67aa218e1ad0c60e004f867f4b9eb10800a3deaac1

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5f2386ad-e173-4e6b-9588-e5d281b41831\index-dir\the-real-index~RFe598217.TMP
      Filesize

      48B

      MD5

      9bc5274f4f6a32b8e873b4a1f5b84092

      SHA1

      dd4d55ea82c1425682a8d06dc1505088e1c4643a

      SHA256

      7357674b29b6942240d3e8341d98b95b2e165eb7887e3ad75572f5963d837a3b

      SHA512

      a4f0720fc5c99a1db7777f67a37b7e352cf3edab6f76c4810b6671ce5774980ec7a38729be494bf25c822a92df4e4a6db3514b61bb91258851fa8448ab5f3d91

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
      Filesize

      192B

      MD5

      56b07a12843e21217b2e3d7e0abd34a6

      SHA1

      72b1ad1fd42c9befbd6500b2ad2925c48959931d

      SHA256

      eaa4618ffbb6ccbfd65c500c0bf3899cd988772ea8e896947eef4663c9364d35

      SHA512

      002b680437b5ab9ce04e774e7b148a8426cb5bd361732ae1d4b2422bc4972d4f1265e7a3e8a66c53c17bcfd188d557004e0e7643d3c1b87725fbde20626bef2d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
      Filesize

      257B

      MD5

      efd49edff214399daadb4e178cebc1ec

      SHA1

      6665d6708d42d22503428b546cb761e2fb146413

      SHA256

      c36de17fd07fef331f5fe8c77450c0a8bd821acbc4b0b3785db431f31688c261

      SHA512

      d4e72cdec24cbc40a7a87d9c68181802c82a6f54a9b01fe745c98bf1ff2053a12c39a216b937baff9fb42396b02ea19aa2ecbdffe651c0f57082233c39657901

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
      Filesize

      253B

      MD5

      1c4868df0b6a326dab460bd40c5cb4a4

      SHA1

      9fa16d5dc1987b9542fc01d54720c83ec7b7f35e

      SHA256

      6d67b4324dd6954aa9da2499f6babb4f14b398ab5e384825c49047783989f8b3

      SHA512

      cfee5b0cc027599b724e6f7863ea6f1084a172524f578c926cfa89b2e55c4d56db6ee1bc8616ccd7f02e9bc29816afc329415010612a07a256177512fc7a3f1a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt~RFe59336a.TMP
      Filesize

      119B

      MD5

      0619ea99f4a897481a1665d8c9843089

      SHA1

      4c569a7ac9dcfafc8620f86e25ce30443efa3565

      SHA256

      09d6553f0f3a989a56ccd9a9d787ad278b16bce2a8548e3b4a4879d0f82f4a26

      SHA512

      286bb6e7f568e785a925558fec431a2978c98a382f91fd2cd10cf6617290c0b263d4942caeaf715b712adac9264f03b9ebf513e55610c4426d042597737b1a02

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
      Filesize

      41B

      MD5

      5af87dfd673ba2115e2fcf5cfdb727ab

      SHA1

      d5b5bbf396dc291274584ef71f444f420b6056f1

      SHA256

      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

      SHA512

      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
      Filesize

      72B

      MD5

      63527f80d697b6d8690328e23f2fe1c0

      SHA1

      57ccfcf92b6112fa56fc3a8e7e8f7f94a6875d16

      SHA256

      edba238135000a33081872377c269d60de98877490df32bac42cd4fec89a8cbe

      SHA512

      9d3610ab558f8f1be26ac6ed4e701515ad44f335a956438681c715c2baf5946fb67837dbcade3d1e07c6800107ca96796303c3ff3c5267d6e81fe681510f1a07

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5982f2.TMP
      Filesize

      48B

      MD5

      9cb46a7e1280bbdac211754806f1513d

      SHA1

      2023f9eca0fb8c6bd60a152c32efad12ce54e9db

      SHA256

      fccbe0e352b96520f35372fba5955aa67834381154cff49fa615cb31474c40c6

      SHA512

      3ebe1b45329ade7802263014d48f964aecc495a603511a1650a953fc53e5223fb1567b95fdd2edb02034cac6f5b9e7f83ee4d023992a759dcac1bab7aa81339f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
      Filesize

      1KB

      MD5

      1021c7712714aab0be60a9bf87607b7f

      SHA1

      6733f08a6b455ea2da038bc1412dfc30ac5553ed

      SHA256

      714938f5b1c0482524eab0872c4b031e84f426404c8f74f153455970e8ac33b2

      SHA512

      a7fd0a5eddb7212792553fe1562d4f8e980d729ea1e946efbaf14a4f533a11a885861b407fc2ba178bcd676d7bb5ed8c777b2f4df01764e064f8d0315222330f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0
      Filesize

      8KB

      MD5

      cf89d16bb9107c631daabf0c0ee58efb

      SHA1

      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

      SHA256

      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

      SHA512

      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1
      Filesize

      264KB

      MD5

      d0d388f3865d0523e451d6ba0be34cc4

      SHA1

      8571c6a52aacc2747c048e3419e5657b74612995

      SHA256

      902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

      SHA512

      376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_2
      Filesize

      8KB

      MD5

      0962291d6d367570bee5454721c17e11

      SHA1

      59d10a893ef321a706a9255176761366115bedcb

      SHA256

      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

      SHA512

      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3
      Filesize

      8KB

      MD5

      41876349cb12d6db992f1309f22df3f0

      SHA1

      5cf26b3420fc0302cd0a71e8d029739b8765be27

      SHA256

      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

      SHA512

      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      4KB

      MD5

      bc306fd364089b653cb33ba470a608e3

      SHA1

      aaef9a97616bee164c4f308b2c8e305dd3c62925

      SHA256

      c3caa48297d11dc93289221e467dcd911778a9b5b4f9ea76cefbf819274a6788

      SHA512

      471cc43dcd7e03721331cb8423dc9d8f3692cde4971504f9639382ed904939491448a8c42b6befdd433ed121f339857268d9e74bf4a29ff357f7cdc6cf1cc281

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      6KB

      MD5

      fbe51b3ab749dafb4406f05dc3f9f1fa

      SHA1

      fcbc46e5def3a01ddfb98bb81ea0466f5131f5aa

      SHA256

      aac0578c1eac3f2fab5ea03302acc40040b7a86998cc1ecf83adeaa828a61a17

      SHA512

      0805921bc0068cd8856d40f80d8b64e121829fdf6b072cd0a3c26fb3631e8fe8f79d4fcd6ebf9c0a4364efa784324baf88a012970e9c27e144ee66f19a0dc8ba

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      5KB

      MD5

      324dad6e78012884320133c18103c347

      SHA1

      7ed135f114a8d0c0a1ac6dc29baf3bf6044c790b

      SHA256

      dd5ccb29b3c853878dea77d2c01729f3ef929a94ac407a277f46f4279b631ee4

      SHA512

      1c81a3b3a6df8cf57f8ec8222da3f5139af7c9e2ea83fd0f726b2c547d59026619bd3d03e308ec7df752cbb80e224866180dc712be8f6c00be8a85d7bb1eb19a

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      6KB

      MD5

      c7b351cac9de9cdb0294885943780257

      SHA1

      487486e2cb5b9d09b05ab34a6acdb4d58b972f96

      SHA256

      c507f0aa589fe23e092d2c93329ed68c3d762d59feb7157bbe7ab2203c3ea6bc

      SHA512

      3c7c622690495e3f08ad8d43f8ebe39c2fff3768ece1881fc86934c51a817157c55d66bf5f9f6a87dd96247f1ce28f71ff1c4e44e23f780303c6184766801372

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
      Filesize

      27KB

      MD5

      f6391689b9a2ad073dfb112fa09a9c47

      SHA1

      d025331b8f7320564b99d29968d96ae284455d57

      SHA256

      10c102c7733cbbe7402714cbf242daea26c7bdcd699feab3f963d41cbf955d56

      SHA512

      2fb53285f11431d4e35229036fe572767c29a4588fd77cca86c23b994f4c512dffca29f5a2d6460691cdbc565167eb4b107219e94a499e7825b9fad089f9aaba

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
      Filesize

      2KB

      MD5

      91cedd2182c3aac93fccff059d01caf0

      SHA1

      ecd43ab358b9c07060b77bdbc1e32e341b465aac

      SHA256

      ec660c97c97e7c61c8797880dfcad2298c7e0b144d869ecb597c2a9c746147d8

      SHA512

      18b8b950e343be49e19611618179d89746f34cf6e21fca79195aef6161ee762e805188123101612a48c8cb0c14cdef6145b9fa842a95cb34daec97b6a7d5a616

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.~tmp
      Filesize

      104KB

      MD5

      effecce1b6868c8bd7950ef7b772038b

      SHA1

      695d5a07f59b4b72c5eca7be77d5b15ae7ae59b0

      SHA256

      003e619884dbc527e20f0aa8487daf5d7eed91d53ef6366a58c5493aaf1ce046

      SHA512

      2f129689181ffe6fff751a22d4130bb643c5868fa0e1a852c434fe6f7514e3f1e5e4048179679dec742ec505139439d98e6dcc74793c18008db36c800d728be2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\080b94ea-5c26-4b49-abfd-a2640afc6882.tmp
      Filesize

      132KB

      MD5

      da75bb05d10acc967eecaac040d3d733

      SHA1

      95c08e067df713af8992db113f7e9aec84f17181

      SHA256

      33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

      SHA512

      56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7931e0db-cb21-4a83-9d24-6997199c71a9.tmp
      Filesize

      10KB

      MD5

      78e47dda17341bed7be45dccfd89ac87

      SHA1

      1afde30e46997452d11e4a2adbbf35cce7a1404f

      SHA256

      67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

      SHA512

      9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\b6d2477e-bf45-4131-a025-dcc8bad506e7.tmp
      Filesize

      1B

      MD5

      5058f1af8388633f609cadb75a75dc9d

      SHA1

      3a52ce780950d4d969792a2559cd519d7ee8c727

      SHA256

      cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

      SHA512

      0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

      Download Submit

    • memory/1820-407-0x0000000000210000-0x0000000000245000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1820-221-0x0000000074CA0000-0x0000000074EC6000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/1820-193-0x0000000074CA0000-0x0000000074EC6000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/1820-192-0x0000000000210000-0x0000000000245000-memory.dmp

      Filesize

      212KB

      Download

    • memory/3564-271-0x000001A36D780000-0x000001A36D788000-memory.dmp

      Filesize

      32KB

      Download

    • memory/3564-272-0x000001A36DA00000-0x000001A36DC49000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/3564-270-0x000001A36D750000-0x000001A36D75A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3564-269-0x000001A36B230000-0x000001A36B23E000-memory.dmp

      Filesize

      56KB

      Download