Resubmissions
19-12-2024 08:32
241219-kfqvbsxmgl 1019-12-2024 08:29
241219-kd1azswrh1 1019-12-2024 08:22
241219-j9qkzsxkhl 1019-12-2024 08:18
241219-j7clcaxkbl 619-12-2024 08:10
241219-j2wf9swmgz 719-12-2024 07:51
241219-jqbbyswnbq 819-12-2024 07:46
241219-jlylpavray 3Analysis
-
max time kernel
1050s -
max time network
1050s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
19-12-2024 07:27
Static task
static1
Behavioral task
behavioral1
Sample
b28242123ed2cf6000f0aa036844bd29.dll
Resource
win10v2004-20241007-en
General
-
Target
b28242123ed2cf6000f0aa036844bd29.dll
-
Size
87KB
-
MD5
b28242123ed2cf6000f0aa036844bd29
-
SHA1
915f41a6c59ed743803ea0ddde08927ffd623586
-
SHA256
fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
-
SHA512
08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
-
SSDEEP
1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc
Malware Config
Signatures
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe -
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation Setup.exe Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation PcAppStore.exe Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation setup.exe -
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 21 IoCs
pid Process 4536 Setup.exe 1528 nslD91.tmp 2028 PcAppStore.exe 1392 Watchdog.exe 4036 MicrosoftEdgeWebview2Setup.exe 1280 MicrosoftEdgeUpdate.exe 3832 MicrosoftEdgeUpdate.exe 3984 MicrosoftEdgeUpdate.exe 4888 MicrosoftEdgeUpdateComRegisterShell64.exe 3684 MicrosoftEdgeUpdateComRegisterShell64.exe 3904 MicrosoftEdgeUpdateComRegisterShell64.exe 4840 MicrosoftEdgeUpdate.exe 4412 MicrosoftEdgeUpdate.exe 2196 MicrosoftEdgeUpdate.exe 2688 MicrosoftEdgeUpdate.exe 4440 PcAppStore.exe 2472 MicrosoftEdge_X64_131.0.2903.99.exe 2624 setup.exe 2736 setup.exe 3892 PcAppStore.exe 1616 PcAppStore.exe -
Loads dropped DLL 36 IoCs
pid Process 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1280 MicrosoftEdgeUpdate.exe 3832 MicrosoftEdgeUpdate.exe 3984 MicrosoftEdgeUpdate.exe 4888 MicrosoftEdgeUpdateComRegisterShell64.exe 3984 MicrosoftEdgeUpdate.exe 3684 MicrosoftEdgeUpdateComRegisterShell64.exe 3984 MicrosoftEdgeUpdate.exe 3904 MicrosoftEdgeUpdateComRegisterShell64.exe 3984 MicrosoftEdgeUpdate.exe 4840 MicrosoftEdgeUpdate.exe 4412 MicrosoftEdgeUpdate.exe 2196 MicrosoftEdgeUpdate.exe 2196 MicrosoftEdgeUpdate.exe 4412 MicrosoftEdgeUpdate.exe 2688 MicrosoftEdgeUpdate.exe -
Adds Run key to start application 2 TTPs 3 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default" nslD91.tmp Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i" nslD91.tmp Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=F2CDB6FB-4AB8-4547-9F25-FAD1F7A44351X /rid=20241219074436.79241637796 /ver=fa.2001g" nslD91.tmp -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry 2 TTPs 8 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\sv.pak setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\msedgeupdateres_ta.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\ko.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\msedge_wer.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\pl.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\msedge_elf.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\wdag.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\ga.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\identity_proxy\resources.pri setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\he.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\tt.pak setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\MicrosoftEdgeUpdate.exe MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\msedgeupdateres_ja.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\ms.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\msedge.exe.sig setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Trust Protection Lists\Mu\Other setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\msedgeupdateres_fil.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\dxcompiler.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\qu.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\webview2_integration.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\sq.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\am.pak setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\msedgeupdateres_sr.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\pt-BR.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\VisualElements\LogoDev.png setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\zh-CN.pak setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\msedgeupdate.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\EBWebView\x64\EmbeddedBrowserWebView.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Extensions\external_extensions.json setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\ar.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Trust Protection Lists\Sigma\Fingerprinting setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\msedgeupdateres_bs.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\cookie_exporter.exe setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\cs.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\VisualElements\LogoDev.png setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\sk.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\el.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\or.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\vcruntime140.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\bg.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\cy.pak setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\psmachine_64.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\msedgeupdateres_fr-CA.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\identity_proxy\dev.identity_helper.exe.manifest setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\gl.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\lv.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\vccorlib140.dll setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\MicrosoftEdgeUpdateBroker.exe MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\msedgeupdateres_hu.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\msedgeupdateres_ur.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\icudtl.dat setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\VisualElements\SmallLogoBeta.png setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\fil.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\v8_context_snapshot.bin setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\VisualElements\LogoCanary.png setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\fr-CA.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\ug.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\ka.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Locales\ta.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Trust Protection Lists\Sigma\Other setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\da.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\identity_proxy\dev.identity_helper.exe.manifest setup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 4260 5032 WerFault.exe 83 -
System Location Discovery: System Language Discovery 1 TTPs 11 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nslD91.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeWebview2Setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe -
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 2688 MicrosoftEdgeUpdate.exe 4840 MicrosoftEdgeUpdate.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies data under HKEY_USERS 41 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42580F9E-2678-4BB9-A2BC-F22A1D432A1A}\InprocHandler32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7931E4D-82F7-486C-9FFB-E44AB90B021F}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.39\\msedgeupdate.dll,-3000" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CurVer\ = "MicrosoftEdgeUpdate.CoreMachineClass.1" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.39\\MicrosoftEdgeUpdateBroker.exe\"" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ = "Microsoft Edge Update CredentialDialog" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3COMClassService" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ProgID MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\PROGID MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} MicrosoftEdgeUpdateComRegisterShell64.exe -
NTFS ADS 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 700313.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 650702.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 46 IoCs
pid Process 3048 msedge.exe 3048 msedge.exe 440 msedge.exe 440 msedge.exe 3344 identity_helper.exe 3344 identity_helper.exe 628 msedge.exe 628 msedge.exe 628 msedge.exe 628 msedge.exe 956 msedge.exe 956 msedge.exe 3840 msedge.exe 3840 msedge.exe 5072 msedge.exe 5072 msedge.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 4536 Setup.exe 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 1528 nslD91.tmp 2028 PcAppStore.exe 2028 PcAppStore.exe 1392 Watchdog.exe 1392 Watchdog.exe 1280 MicrosoftEdgeUpdate.exe 1280 MicrosoftEdgeUpdate.exe 4440 PcAppStore.exe 4440 PcAppStore.exe 3892 PcAppStore.exe 3892 PcAppStore.exe 1616 PcAppStore.exe 1616 PcAppStore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2028 PcAppStore.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs
pid Process 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: 33 1232 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1232 AUDIODG.EXE Token: SeDebugPrivilege 1280 MicrosoftEdgeUpdate.exe -
Suspicious use of FindShellTrayWindow 49 IoCs
pid Process 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 2028 PcAppStore.exe 2028 PcAppStore.exe 2028 PcAppStore.exe 2028 PcAppStore.exe -
Suspicious use of SendNotifyMessage 30 IoCs
pid Process 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 440 msedge.exe 2028 PcAppStore.exe 2028 PcAppStore.exe 2028 PcAppStore.exe 2028 PcAppStore.exe 2028 PcAppStore.exe 2028 PcAppStore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2028 PcAppStore.exe 2028 PcAppStore.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3732 wrote to memory of 5032 3732 regsvr32.exe 83 PID 3732 wrote to memory of 5032 3732 regsvr32.exe 83 PID 3732 wrote to memory of 5032 3732 regsvr32.exe 83 PID 440 wrote to memory of 2416 440 msedge.exe 98 PID 440 wrote to memory of 2416 440 msedge.exe 98 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 2604 440 msedge.exe 99 PID 440 wrote to memory of 3048 440 msedge.exe 100 PID 440 wrote to memory of 3048 440 msedge.exe 100 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101 PID 440 wrote to memory of 1532 440 msedge.exe 101
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll1⤵
- Suspicious use of WriteProcessMemory
PID:3732 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll2⤵
- System Location Discovery: System Language Discovery
PID:5032 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 5963⤵
- Program crash
PID:4260
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5032 -ip 50321⤵PID:4544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8d5e46f8,0x7ffd8d5e4708,0x7ffd8d5e47182⤵PID:2416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:22⤵PID:2604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:82⤵PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵PID:1604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:12⤵PID:4628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:12⤵PID:4364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:82⤵PID:1440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:12⤵PID:3376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵PID:3984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵PID:2924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵PID:4472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:12⤵PID:3860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:12⤵PID:3928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:12⤵PID:2236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:3496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵PID:1912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵PID:4428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:3544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:12⤵PID:2096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:12⤵PID:4480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵PID:212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵PID:4016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:12⤵PID:4696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:12⤵PID:4832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:12⤵PID:1772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:12⤵PID:1812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:12⤵PID:1956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:12⤵PID:2924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7176 /prefetch:82⤵PID:3484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5608 /prefetch:82⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:12⤵PID:3860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5444 /prefetch:82⤵PID:3468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:12⤵PID:220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:12⤵PID:1064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:12⤵PID:640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:12⤵PID:3452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:12⤵PID:1508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵PID:1856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:12⤵PID:2884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:12⤵PID:880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:12⤵PID:3604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:12⤵PID:1104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:12⤵PID:2284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:12⤵PID:3904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:12⤵PID:312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:12⤵PID:3304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:12⤵PID:2136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:12⤵PID:4840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:12⤵PID:1928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:12⤵PID:1288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵PID:4248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:12⤵PID:740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:12⤵PID:3892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:12⤵PID:3492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:12⤵PID:3132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:12⤵PID:1108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6844 /prefetch:82⤵PID:208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8036 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1108 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5072
-
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4536 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=F2CDB6FB-4AB8-4547-9F25-FAD1F7A44351X&winver=19041&version=fa.2001g&nocache=20241219074432.578&_fcid=17345942543212693⤵PID:2904
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xe0,0x128,0x7ffd8d5e46f8,0x7ffd8d5e4708,0x7ffd8d5e47184⤵PID:412
-
-
-
C:\Users\Admin\AppData\Local\Temp\nslD91.tmp"C:\Users\Admin\AppData\Local\Temp\nslD91.tmp" /internal 1734594254321269 /force3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1528 -
C:\Users\Admin\PCAppStore\PcAppStore.exe"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2028 -
C:\Users\Admin\PCAppStore\download\MicrosoftEdgeWebview2Setup.exe"C:\Users\Admin\PCAppStore\download\MicrosoftEdgeWebview2Setup.exe" /silent /install5⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:4036 -
C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU1DCB.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"6⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1280 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc7⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3832
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver7⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3984 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4888
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3684
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3904
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0Q5REM0QjEtRDQzQi00QTBELThFMzctRTk2ODU0RDY2QzQ4fSIgdXNlcmlkPSJ7NjVBN0IzREYtRkQwRi00MTlBLTg4MDgtNTE3ODQ0ODJFQURFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxNEIwRjU3Mi0xNURBLTQ2RkEtOEE4MS02MjFCQUNGMDdFRTB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDk0OTI3OTI0MyIgaW5zdGFsbF90aW1lX21zPSI1MjYiLz48L2FwcD48L3JlcXVlc3Q-7⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4840
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{7D9DC4B1-D43B-4A0D-8E37-E96854D66C48}" /silent7⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4412
-
-
-
-
-
C:\Users\Admin\PCAppStore\Watchdog.exe"C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=F2CDB6FB-4AB8-4547-9F25-FAD1F7A44351X /rid=20241219074436.79241637796 /ver=fa.2001g4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1392
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:12⤵PID:4556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:12⤵PID:2412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,1139337949114572527,13025933489925878194,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6948 /prefetch:82⤵PID:4944
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1528
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2508
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4b8 0x4ec1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1232
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2196 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0Q5REM0QjEtRDQzQi00QTBELThFMzctRTk2ODU0RDY2QzQ4fSIgdXNlcmlkPSJ7NjVBN0IzREYtRkQwRi00MTlBLTg4MDgtNTE3ODQ0ODJFQURFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzlFRjVGQzItQzRFOC00OTI2LTg3RkMtNTY0OUZDNTdCODYwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNzIiIGluc3RhbGxkYXRldGltZT0iMTcyODI5MzUzMyIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzcyNzY2MTIzODAzMDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0OTUzNjE4MTU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2688
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF075DB7-BDB3-466B-B368-C180992DA1F3}\MicrosoftEdge_X64_131.0.2903.99.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF075DB7-BDB3-466B-B368-C180992DA1F3}\MicrosoftEdge_X64_131.0.2903.99.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:2472 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF075DB7-BDB3-466B-B368-C180992DA1F3}\EDGEMITMP_99AE0.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF075DB7-BDB3-466B-B368-C180992DA1F3}\EDGEMITMP_99AE0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF075DB7-BDB3-466B-B368-C180992DA1F3}\MicrosoftEdge_X64_131.0.2903.99.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
PID:2624 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF075DB7-BDB3-466B-B368-C180992DA1F3}\EDGEMITMP_99AE0.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF075DB7-BDB3-466B-B368-C180992DA1F3}\EDGEMITMP_99AE0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.140 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AF075DB7-BDB3-466B-B368-C180992DA1F3}\EDGEMITMP_99AE0.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.99 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff786f22918,0x7ff786f22924,0x7ff786f229304⤵
- Executes dropped EXE
PID:2736
-
-
-
-
C:\Users\Admin\PCAppStore\PcAppStore.exe"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default showM1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4440
-
C:\Users\Admin\PCAppStore\PcAppStore.exe"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default showM1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3892
-
C:\Users\Admin\PCAppStore\PcAppStore.exe"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default showM1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1616
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.6MB
MD5f6ef6691c60c40c1b64c857aa7140f65
SHA10a18181edb6539ace366e7d804e37ec558c52b79
SHA256df10339c63d2f24162ffa7d61c797f46a4ec4d91f1f74c3290646a232c7e9c56
SHA512bf2829c18f109ee181518b7819a23782fdee4f81644a9d062e060ccac7a2df27d2f49cb3c26d63e6c9e2aed6ff166f2af596c0365284ef1dc0a70363ea8fd404
-
Filesize
201KB
MD59da54f5a8726349124dbdca094448a11
SHA1a80642cf316be9570494a4c74949024f5d59f042
SHA256f04efee822f9b2baf2f9b4ea576b9908804b6990497b82c549a34ba54b1b4807
SHA512d84a5ac786f8bd0eabe4b1c50c7cbac8828ed2e3eb9a064936b65f0cf07f30e7362d44bda1c95a6652708ebb94e139781acf9cf7c0bdc642620136c6d01e2d62
-
Filesize
280B
MD5a72c7b544f55e41f77cf0b55775c1b85
SHA1adf9d3dcfa25b6f47dd4c56bb7bfc3b60d819d97
SHA2562c7aa3791c30d2a19cb8c3527e462127f00b437667db8a56aab7181813078b43
SHA5128e80389bf55bfa18fda1a8962800bf5ae847d519a39d398f79450a1182fe651fb43339fad207124fd5dca3eab94cd67d996c55beb2601a6474da07b0b019ebbd
-
Filesize
81KB
MD54a4bd0b2e1142ec51798e0420bd7ccc6
SHA170dd57cd144d3dec0a3279a4d7f6b18a4319fca6
SHA256a24fbcc3a159d56cfd3983885bbe1f795103d1f3bfe1ece7ce84e2314e0e993e
SHA512c457604fb721846576ec20c4e01566cbdeee8dc80fc91b33a41191b204564e85eef3ed8d8b302b3fe5b5c97d724b7c3540d70760c7c4f7038fd88ee8b0cfd9db
-
Filesize
152B
MD5e55832d7cd7e868a2c087c4c73678018
SHA1ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f
-
Filesize
152B
MD5c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA14d16a7e82190f8490a00008bd53d85fb92e379b0
SHA2561e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD569df804d05f8b29a88278b7d582dd279
SHA1d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA5120ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
20KB
MD5077e3f0d3dddb018c1e71fd8e46d2244
SHA1b50954ed5904b533372fe39b032e6a136ca75a7d
SHA25612ea854aa2a6588219451d4af53fcd368e24b109085062deec4e5b891e059e82
SHA512f9cb475d16d3e8dedc6ef2feaee4f9bad365a8bb992352163a0a9f4ff9e809bf895fc0ffd59375e60a44e5c5bd1f43217177fb44ffc0cc76cc85e45a612b9b3a
-
Filesize
20KB
MD50efcdae8412f64713244acb713cf7412
SHA1b33e187d7323f15050885e512ca9eec3afb1c33c
SHA25618a3bf2c3d887e6c3e3b534ab36354d59933cecc05302093c22768e9bd7a02e7
SHA512ac3f28737f4cf8d9b392f50633e5e76b9d60f42033ec9235956ec63f30c75cf85f2e1766793651c2310c55a6295ed08b1c75cd63b38b83974be4e6eae5a85217
-
Filesize
103KB
MD58fb8d880001d5b578bbc8a6044077605
SHA16e6858257c0b9467b399d50c989e775656586bc3
SHA256c84e8c8b82b65129fa38e2ca67057228e6cb096922d4a63f2659d93e789eafe8
SHA5128b1c2cf508ffc4fc5980ca5cbd395b722cdd05afa895bdb556be17c8f430b16f37e0e6a436d29c814dc4cdfde1a2860baf3ec3f35d3b7a362de9ce9cbb91c5b3
-
Filesize
20KB
MD5efb9f6a1680c9d3ce3abe4d5a75c7c6c
SHA1a454374b7f43f129d4245e73c2048849a78768c9
SHA25696919908509422207d3fe3dbdf26a7bf0da651dae2b8481c4dce4ef0812add18
SHA5121d6fa00634b899162a4e97adf05cdb97ca1eeaec3f43bdef4412ccbe4ae560ee19073817aab38508b724f177e7942b07982acbf918750fad0385d3b5db3d124a
-
Filesize
67KB
MD5bcfda9afc202574572f0247968812014
SHA180f8af2d5d2f978a3969a56256aace20e893fb3f
SHA2567c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91
SHA512508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd
-
Filesize
47KB
MD58e433c0592f77beb6dc527d7b90be120
SHA1d7402416753ae1bb4cbd4b10d33a0c10517838bd
SHA256f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
SHA5125e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5bd3493ae62a4aa5130e1600985ab3e78
SHA1da4209bd0479112e9278388ab0beeff06a5f7f70
SHA256fcfe6f81b8ca0db6b698fe19d58e9b7f50ae430848123260590a46612f3e1264
SHA512810055c5b2073646d679ce1f9aba8086a98db936e657313042f592d1610ef698a533bb5e90bc4a65fcfd2e36ba27056ea18bf7119a0efefe7daee7ddf885e917
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5781c013641690aebe91d6688a331880e
SHA1c4f102e6b506684b10cb4ea06cbb0b7360c7f9fc
SHA256c4ff2706d32663436911d179c41590203e99e2eb17be4ea7532d7160083df83e
SHA5127ec9c0bbd09dc7403d0754a249b4515ec83d07822c5c769613584b7aff2bcfe32745c6d89761e034b327948b1226cf3da6bcb67c5d814d5689e5c5f32b509eec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5193da5bf64139b722080af77a8f16314
SHA13098960e47a3a467e66a0b4caabe61899b012b57
SHA25605c12377a2df15cd81f86ba02e22e7fe71864385c987d45cb261e4f45d252974
SHA5128536808afcdee855daf26d631b17ebb73df9f05dab86bfc0da29d52dc70c24be87fe5e79a3d37d2553c98939a1e46933617b97b9577879e474e28fd727ca8264
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD531f9981622aef87979d0d9cf512e43f1
SHA187720a56f1d6a3cd7b21ba785e05ee6fac162993
SHA25648c9d5fe71153213a75dc5c30d269a33ee2ce1ca4b90205de3adb6fa4bd16e09
SHA512c15c6719c0fe14e26e7e37efc46c56d9688d8ffa3512faba2b0709ef0a40902bf20d7ddd6c0177e804e902f9fca21c8e6e8eb6bc02de80c1c8b6840d83559318
-
Filesize
747B
MD5a7959976f4618ccfd829d77bca384751
SHA15ab33e9933f98992ac21f52da647c82342a41cb1
SHA256a5283269e230549425ec02a852cb2baa44342904862c44555343b849e6608d86
SHA512a40d22d0ac1fffb313bc2b560b0decf962974ba7c7286e9cc2344aa2095103a935bf05b8e5825fc120ddacf6c24793911cfa74d15d3bb709ddffc0162643dbc7
-
Filesize
5KB
MD5e4745d5fb0267828f67d6ade4beb7b0b
SHA11d239bc6b61b2bd6dbc8143da6757430e374dab2
SHA25650852012a392514d9a152e1a3bdbb9c1fe85118713a11850d4fe7d333c763fc0
SHA512162aee92cd7649da6e2f6f23f7b72fd81d92df3a34b54582a30b4cfbe519d9c274a920d478b851cd220821071cafad4e6ba88940d0c01078f60284b8f2a402e0
-
Filesize
5KB
MD53976fe2adb729295ee5fb3dbc6b4e280
SHA147ef44a470a9fd63e6335e48ea60a644ad1b73a3
SHA2567dc9b84cc206dd6a567cf8de76177e3d1f1a24de4f8e6bfe313e31bfd82845db
SHA5125b535f65bbcd8e8423e2ab632edb0f23f0adabc43368efa07fc515fe944a070c259a851a463048045b259bf5e7b991763eb6e09339b4fd7dad3a6be271c2ee6e
-
Filesize
7KB
MD5974be848f708365f1e145ad3388524f2
SHA181855de5ccba8b74ed0845f7d81672d455a40c8a
SHA256f51f7131635b9a6b63bf3939afc2520b9f948847bca35027c7db3f61eacdbbf0
SHA5125e95336b8997e0b889940d39fbd43aadd7b00b4c49f81f4cabe7aef611e6ecf6c1946295de4933ac89838d9cee9b7f3449e7287d4837619d6dc1feaed4ccc476
-
Filesize
471B
MD553fe8e3f7c2bfad4428f006849d99e20
SHA1e114fb17fedb45a0106cf482467ebb2331c74412
SHA25608861afcba6bc43a844c00620d095dd06f55d1d96abfcf692d94f198093fe422
SHA5122e7a868ab8d3381cd6eda0d7f1cd7dea60d0de35e8df6aa48126110f975000847d86b67b16ee36639212b929716c24fcd434f5c2434bf18d1a4e541958f01a5b
-
Filesize
5KB
MD54d9f7ddd6d26f8881015fa68d777a47d
SHA17e4a1d8c7ce7da6dc08bfcb575670fe005f5801f
SHA2566995d89139cd6456782a57a2444cdcacffb4076c03cacda6c2f76315a6ad57b4
SHA51272550e35fb96a7cd6a6f249dae2e1d83b600f3fe8a40066582eccca75522a0bec611139e78a1c9b7e1d483556af44c024821633c8e37dbbc977ecdea24ab8cd1
-
Filesize
8KB
MD5372797c0589a0702fd73e5567906ac4a
SHA1db1c569da3abbb757cb57024eaa0cc6d8c9abf1e
SHA256f7c5f3c26839b930f3b05dd51a4330999bf8d64accf070cbc0f89af2c325f0c5
SHA512ba6640fb78147c7163c357c0d0834b0fdae2e1f2a551168abbe58a45b85d1f8e4bf7b47e1cb21d6fc6e692c491e0ce8ef1d9653b2c26796c79725463b40fc4ee
-
Filesize
10KB
MD592402a2d432272793dd172473e15655d
SHA10050828bc38aaee1a2ff031dcd334f597d7d106f
SHA25632668fe79a0983eaaaa7fee187ae6667e5ebb5f38dc32b5e479ba4fa0ecc9fd7
SHA512c9424ed687d5c3c3fc2d715066da4e601227986d66c11fc9f74ff0113be715da9b65e786536a6248796d1dd2334607f6f59cd6f5323315f895e8db66360f418d
-
Filesize
5KB
MD5eaf4d4473d3793301538c7a8c57023f7
SHA15b0b2c08227fbcb884745aa6a102f7113441fb23
SHA25669847409ed69d8bec7ce712a10eb1af8260b19fe4a3dedf538ad4d835f8353fd
SHA512c15f33e4348302f9ee40261595ba53ae79cb152d038ed434a451cfffc19480542baefd42b5fd0e7eb68ae3c1dccd867f9be1648aecf4b6bdc34e321ea00f5bbd
-
Filesize
6KB
MD594ade554ba11d98539723361c2e38901
SHA1f886bb482161e4bbfc07f425f701f1dd9b98fcf8
SHA2567f1200962612b8efc207a9c2f0be0ea0c97ff841ec5fc5ad3bfa38c3b75436c4
SHA5129c606a59173a104231535e6751b7e4d934ee637e591443abddadb1d57ce2ccf55d1e947fa30a00522124ac0cd8ba4c8ff31b02ea1454673f905bf7909d6675e7
-
Filesize
10KB
MD5c60f88ef08b5ced682a32a5b7af61a82
SHA149d037fc108eacd1230ef25bc5e33ada1be60889
SHA256eae26bdd27180859efa2d71a7ebb325a929ffc11b0e8bdf164665372305a76e3
SHA512b1e5eec6ee51914ea9c27f4e3e4817702079eacd8629c947a744f1e5382ebf2a6ed8465bacde379e181ff5f67b9e600a25eb0156c42d5438510c1fecbf49568a
-
Filesize
9KB
MD58cb93440342bbcd92240ace58a8b3971
SHA1265dd7ced4e06e825fc9a6c8f2872ea82f5c06b8
SHA2569ef45751f1b380e64f98eab3f655edce866366146ffc30ba1793074705be4ad7
SHA512218ec27a82267b2527e243844132bd590d0b2bcebdc945efa7710cb99413be9a12cff51951d229ed5acf094a78b0edb2fa098191a0dfde39ba6ba0ae237f9378
-
Filesize
10KB
MD526e42015a28de43b6ffe67b43256a4fc
SHA12e7d8fca10e5f1d1b6233616e110ce1bda86f2d7
SHA2560009f78c5e80de1b50ce0f6b61bd761eceba9ba94c312d5935bb7ef1b3d80230
SHA5123e8ff4a024b1cabb532ff5f5bb17c210c97fd424bc6eed8cb3ec2c9ef387a2680b34e724fb881f572d31837f34f67b14efc96aabf4dc82ca5afa860cc1df83a3
-
Filesize
9KB
MD52768171b14692ea9675347304be11f7b
SHA19aa2b5d500b1b34acfc0fcb4c90bf7e68dc042a0
SHA25621d8d4a59480614daa9f897f2e99beb3e1caff3a51f91e19637c6331ee234d3c
SHA512c6c6f8c8aeb7db08123a3dadc41d263c34b4c587dc88b363238fcf893541de462479ac6dad5a524f5c6989208c0aa936d2e8af6b6d9157421f83ed52272c28ca
-
Filesize
6KB
MD5a5ab9c0a8880ecc6767f0d3f8ad11099
SHA1ff26daacf61ef5e5985cf8907a4524123fee448b
SHA25628c00f79bf94bd13c05361c952baf1896a46ab7e36d2534f9e2a414e7cc9181e
SHA512cc89f03ddb53f6bf5661803daedc1b0328f8d4afdba77e565fbf8fa213ec5dd3f2f832b0dd516fa5f0e381f0ccdd30a14f698a4bb35a4e2da169a642a523d2d2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize96B
MD599ce20b40c003f5d000c68fcbaa1cad1
SHA1b1dbcaef7f3c7d3133b0582020c954bceb562095
SHA256a2f6adb5464cea2e4d088283661db1ba79a57dff8ae75a16b7f10be5db148b36
SHA512f37b36a3895578cd2da2095b7e3b8af4444abde50d65f8a26d1f45cef7f61634dca2445efd806e83d7510f39e88b83fb7fe905a101de2bb976d76ad4ef0692a6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize120B
MD572c082872f011c25304bef291149d5bd
SHA1c2d6b5035ec11d29c7367af75175b8377afb5242
SHA256592fac9f944e2e53c442cf8e54a3fd39f78c084f0903e8901c7634f9388b2325
SHA51201dd66b766d117023db9287e85bf71de29b5808839ce1431daebe84677c1509ab196eaa08dca8edf2dcdbc4e589c6c474b9c549c9d725f81a7ff930831563a6f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize144B
MD5fe951dfbadccef60c9bc4e289d292951
SHA1a9e48a0c300ed1aebdd4f3df5040baed6306e46a
SHA256ac9b1cbd1c94f93e678aeecd34d27fd1d33d64ea7ea6d9577c0b38b654bd3ace
SHA51274ca906581706d6a79a03318c340fe08ed4c1e8cd5dcb7b0b2b4eb060e745a294036fa1f11740539f93722faa9639d6db6554dfa27495d1f7c6d4661e82f83b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5b388735e854524330a9e5ed55453c977
SHA18bc9a6da289f2b71d88cd35d54e1ac852d30be9a
SHA256f9d8cc4b7fa35f6e3f1d20227768b52c4d3d2801fe678d5aaf58b789ad5645c1
SHA51259b029628924b3d8514947d0c295012b4d7eaa9c4816ffb241deb9ee7f9699b9b27152c691580fe8b712372e0667a06f53c468c61c4199f1f88a9ba0e29b0236
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b7f3f.TMP
Filesize48B
MD5cb5148f6977ab0b859103f61c054b2aa
SHA156d4984cebec9fccbc36d3b4414009dbdf3ffb6e
SHA25650c38e9014aecfff06c15dfed1546975724f131dd29c627b16dec8cbe57be625
SHA512ec990fa6f237da8c6df6996c95d164728ae4f46c0e6da628d9ee82a59cc1603018bf310c2301f72ecdf64991af2219a6bf8f9dcb3fc19748ce8eb77c8494d92f
-
Filesize
1KB
MD52a35efa38bad277a31bcd859e12d11bc
SHA18bd7971894be0fac5af2e441b226888cd32db8bf
SHA256c6a6e29684fb93a7902942c7ecf7210512e31ecb3866c407e6b431b79a4d21c0
SHA5126d9cc1e60084e1082ece84dbc99efccce9623e8207a9e6ed65813b9c540b6c292a302b460a2de2b3ea419c41454039a63700804cf95e34dfbd382e6559f27de2
-
Filesize
1KB
MD5aca616e2413dd7a19367a76343886128
SHA1db14785c8e1cd87c41a0a75ca22c912f29c49ccf
SHA25679638e85ebe2deb778c7feacf9c933155fae5df89860a112a92579c7e79936e2
SHA512723bf2064b2846ac8a6db26d75b242c0b902955a9c27b11aa477ec77928afa1653e4185f4ea46bf76f33a64dc1bb8fe21ec75aec5b0ae53669e088ef6b009ad3
-
Filesize
1KB
MD53d2e2289adb627efb6f7fed6ae4a8804
SHA105ef1cedf7c48bb244d62891fca2ef96cf9ae694
SHA256383670a54d5bd21959a8195c56b036c7f1ff6eae427385144025d87b0662249d
SHA5127918ebabe98342da1d0cd5538a1cbaf9644ba0e4e901bfc27176baa60101488e8ca3054e6e5cea15f810fb5a0f90131c6a8b25126550c3386596a9926968e03c
-
Filesize
1KB
MD57c492730ce7523085905244ea243eac8
SHA143028f3707bdf9e43d9874acc58bda5196e62afa
SHA2561250245af3e7e18785ab2597a8326d4bab022c8c5d9a6a00a0d39374855dfbf6
SHA51257525d50c408701af6207caf9fa5ddf1a3b63989a92cfca0ec1ea3a630e89c866c3c0959a56eeca0e1ef3a85821f3209183bd7ae30c45eb0cbdcb7d3f460c42b
-
Filesize
1KB
MD5b0c749831d2c1d18f81180ecb3fb404d
SHA1677c822f93d9536fd45e5bca68135c8f78da568a
SHA256704b9d98341a78a2e49a3a05dd59a22222e26d5244729fbd71f0b5b5006508f6
SHA512354075214e415e093fc74ca7988019f34aa488c4cb6835e478ae3729686dff3a2ff8fc5d779e5ff51271f1a9b7826d129c323d11e4a0c93ea0ca373b783bb353
-
Filesize
873B
MD5f33d749ce936bbac88ce6549c399de9f
SHA1fb8aa0de348bd3d5e3658001637cfce812edea04
SHA256a5da2599ef14fe9a65e1df38ca1685bcbda053d9e2ae37eaf022731cc6f79060
SHA512151510ac4252b7fb16c513989f1dca4bfd1e5c694ba5422c710ca9470872af69154e2f1d163b3eceb8a94fd805d617604fa4c75686c143841f7d91fcf84a013e
-
Filesize
538B
MD549e3d120adfe36f56f6b1d58fbf1d05c
SHA114ec4f2fddeccf5f2a3e382f6f690d3b2d99c204
SHA256798e677fa7027a883bc6af2e188dd79ea0cd39e9f05d91c5fbedbb5b636aa821
SHA512f51b0265efbc1a53cf0a8a2fce7b1cd763566aed72a20b6c23680ff401072e72edf7a21e8a2006d7f32306ada7246cce607b1c2c463a82891e68888582270279
-
Filesize
538B
MD542f8070e2b27a44d99e0a84bfcbb83a2
SHA1b19de5fb8b72792d6c3d51ae750bfa92d680b85e
SHA256480356b007f76f007fbd95a02d19fa8427256b6829ac273a5e110871d68cd5f7
SHA51228d4f797e4c9208727a619fae0e3d9ba339f626e781017c0c37883a9f54d09ab4725ccfc0b2b519cd88ede985974ea2dd283c0a96ed361a0cd89d7a85250029f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5ba07a6958a7fe25312247e54e3d66d08
SHA1eccd8a198a66dfeb377c9091fa2c647035527b51
SHA256b67cfe3ad70824839033c7a808f6bd79a1c74e620d7d029c8ea5e375b49b7eac
SHA512a320ee66e90880d7e6b9a26767eeb17beb7d1cae1fbb6d8c3d4baf851d3d472b229150bddf1ba1135d321428f12f5154bcc45facfb803426854c17e2f099bdf2
-
Filesize
11KB
MD5c1c56d2dbb772dcea289fd7dca27f2ad
SHA1d41b792b782199d469cf8cb8f8020a306f616b3f
SHA25671a1cd0f217adea6183499bb4cc8ec3c9a86377d791c194b318b20ce3a5739f5
SHA512d9e2e67f3c98ebfd09abc852a15bb2f6f871751f363149314439fe98c587fb4fe26558fd850e650df2115057efcda067722383f8b7d37a5cadf39dd7f8ecac92
-
Filesize
10KB
MD56d2b0b9797118f0ce83798ed8715e96e
SHA1b76931f94851b1767dd5c9456dc058eae7d9aebe
SHA25667fa2c5eb24e1ecf2580c8d9bbff979c2e9424e860691c7bbb9a9a3935cdcc22
SHA5120bfa9244d79a3c27af52ef0d296fd322382c56245463ca0726dc7386e6a49a2e9b41a4769f8d376bcf7d969bab1597660c7852ed07d2cab19f0294f11a72d59a
-
Filesize
137KB
MD59c7a4d75f08d40ad6f5250df6739c1b8
SHA1793749511c61b00a793d0aea487e366256dd1b95
SHA2566eb17c527c9e7f7fea1fdb2ea152e957b50a56796e53ce1e5946b165b82deaef
SHA512e85235307b85ffd3aab76ff6290bee0b3b9fd74c61a812b5355fe7b854d4c6b77bd521e52638d28e249a43d9ec7aa6f2670af2b1c671091492c7fe19d6f9a4e6
-
Filesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
Filesize
38KB
MD5a35cdc9cf1d17216c0ab8c5282488ead
SHA1ed8e8091a924343ad8791d85e2733c14839f0d36
SHA256a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df
SHA5120f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf
-
Filesize
9KB
MD56c3f8c94d0727894d706940a8a980543
SHA10d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA25656b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA5122094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
Filesize
23KB
MD5f4d89d9a2a3e2f164aea3e93864905c9
SHA14d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA25664b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2
-
Filesize
67KB
MD585428cf1f140e5023f4c9d179b704702
SHA11b51213ddbaedfffb7e7f098f172f1d4e5c9efba
SHA2568d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a
SHA512dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59
-
Filesize
200KB
MD546866e9b5d2dc5fb547ee599df63af53
SHA118f4e8982d0fb07d7c8a9039ef6a26f436608d4d
SHA256394f11e6c06655280d97917a0b4f6b0173b441246e195b0b83373e5e4c73e260
SHA512ef838318dca928378279dc2a0ef486a7f777d1f758fad27ba7699e264615666c77138d7ecbf30f5c25a83f630cbc5ee1a74f4a071d58b7f68ba95476f22f4d67
-
Filesize
1.2MB
MD5c9db6b5c84be13a43ad23cc204e4bc52
SHA194bd6634303205715fd04f8aa10d75158390e4d9
SHA25677200156d4773175d341aad11ab23bd52445065cd95060348da17d083dc27688
SHA5129273493c5e5ea24b2f5ee219fdf849546e85b3f5cc24c970f1ab6fdcfe961d96ca6fd41c96f9d915892ab24ce7ff409f0f5a6569b0225e95d36afba51615f8d6
-
Filesize
1.6MB
MD5ec5b2a3126f46e01e1fcbb215d4f9ec8
SHA177cfa2daad5e57e62d39c5f7323c4f68032c3152
SHA25609c2a441a22186cbcc90e0a79556c4c696446740955c9031f8b52e84c7cd4ec1
SHA512b0f5ec2cd2f120de85408a57070ffc078cad2eb8cc6f93874008c392a0f7629f6ecba9d74cd3462f7868f110b12664853eae11c64f3b2d237dd4f901a1f307b3