hxxp://noescape[.]exe

max time kernel
1050s
max time network
1051s
platform
windows11-21h2_x64
resource
win11-20250210-en
resource tags

arch:x64arch:x86image:win11-20250210-enlocale:en-usos:windows11-21h2-x64system
submitted
14-02-2025 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

8^/10

adware discovery persistence privilege_escalation stealer

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
45	4456	Process not Found
170	4456	Process not Found

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 10 IoCs

pid	Process
4476	setup.exe
2704	setup.exe
1976	setup.exe
200	setup.exe
4780	setup.exe
3004	setup.exe
1880	setup.exe
1536	setup.exe
1544	setup.exe
4904	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\WidevineCdm\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\es.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Edge.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\concrt140.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ml.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\mr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\TransparentAdvertisers	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\km.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\gl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\eu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\lo.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\bg.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\pwahelper.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\telclient.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Cryptomining	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ja.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\sl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\MEIPreload\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\kok.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\tr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ca-Es-VALENCIA.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ka.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\mr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\fr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge_proxy.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\lt.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\EdgeWebView.dat	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\hu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\LICENSE	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\SmallLogoCanary.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vulkan-1.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\win10\identity_helper.Sparse.Internal.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\sq.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\ka.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\VisualElements\LogoCanary.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Social	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\win10\identity_helper.Sparse.Canary.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\EDGEMITMP_E39D3.tmp\SETUP.EX_	MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\kk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Content	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\internal.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.59\Locales\sl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\onnxruntime.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\bn-IN.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge_proxy.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Fingerprinting	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ne.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Mu\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\cy.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\BHO\ie_to_edge_bho_64.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\en-US.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Sigma\Fingerprinting	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Advertising	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\es-419.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\eventlog_provider.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\as.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\resources.pri	setup.exe

Drops file in Windows directory 37 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File created	C:\Windows\SystemTemp\eea981be-89ca-4b3a-9de4-7311f8d6416f.tmp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\2b2dc8f8-a7dc-4964-b227-e3b30ae33ded.tmp	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1556	MicrosoftEdgeUpdate.exe
1300	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge	setup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0"	setup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO\\ie_to_edge_bho_64.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\AppUserModelId = "MSEdge"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\MSEdgePDF	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\AppId = "{628ACE20-B77A-456F-A88D-547DB6CEEDD5}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\AppUserModelId = "MSEdge"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.svg	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\runas\ProgrammaticAccessOnly	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationCompany = "Microsoft Corporation"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\ = "{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\AppUserModelId = "MSEdge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithProgIds\MSEdgeMHT	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\DisplayName = "PDF Preview Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\AppUserModelId = "MSEdge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationName = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdf\Extension = ".pdf"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xht\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\elevation_service.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ = "ie_to_edge_bho.IEToEdgeBHO.1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationName = "Microsoft Edge"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\MSEdgeHTM	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ = "{2397ECFE-3237-400F-AE51-62B25B3F15B5}"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationCompany = "Microsoft Corporation"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.mhtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\ = "{C9C2B807-7731-4F34-81B7-44FF7779522B}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LoadUserSettings = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\ = "PDF Preview Handler"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}	setup.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
3516	msedge.exe
3516	msedge.exe
3564	msedge.exe
3564	msedge.exe
2500	identity_helper.exe
2500	identity_helper.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	4788	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4788	AUDIODG.EXE
Token: 33	4476	setup.exe
Token: SeIncBasePriorityPrivilege	4476	setup.exe
Token: 33	1544	setup.exe
Token: SeIncBasePriorityPrivilege	1544	setup.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 3724	3516	msedge.exe	85
PID 3516 wrote to memory of 3724	3516	msedge.exe	85
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4896	3516	msedge.exe	86
PID 3516 wrote to memory of 4740	3516	msedge.exe	87
PID 3516 wrote to memory of 4740	3516	msedge.exe	87
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88
PID 3516 wrote to memory of 1112	3516	msedge.exe	88

System policy modification 1 TTPs 4 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffb2cce3cb8,0x7ffb2cce3cc8,0x7ffb2cce3cd8
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,15625171456906153388,13054733319515541417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Nzc4QzhDNDUtNTQ5My00MkUxLUI3OUQtODZDN0U1OEE4NUI1fSIgdXNlcmlkPSJ7NjM2MjNENDEtOEExOC00OEE1LTg2REItMENFMEU1QjY2N0EwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RTkxNDZFQjUtRTM1RS00RDU3LThBRUMtMUE1MzIzQjMxQUIzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjQiIGluc3RhbGxkYXRldGltZT0iMTczOTE4NDAzMyIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNjU1NjU2MjA2MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ3MjQ4MTMxOTIiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1556

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x000000000000048C
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4176

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\MicrosoftEdge_X64_133.0.3065.59.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
1⤵
PID:2964
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Executes dropped EXE
  - Installs/modifies Browser Helper Object
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - System policy modification
  PID:4476
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff76d056a68,0x7ff76d056a74,0x7ff76d056a80
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:2704
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Modifies data under HKEY_USERS
    PID:1976
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff76d056a68,0x7ff76d056a74,0x7ff76d056a80
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:200
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:4780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7c4546a68,0x7ff7c4546a74,0x7ff7c4546a80
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1880
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:3004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7c4546a68,0x7ff7c4546a74,0x7ff7c4546a80
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1536

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
1⤵
- Drops file in Program Files directory
PID:3092
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\EDGEMITMP_E39D3.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\EDGEMITMP_E39D3.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\MicrosoftEdge_X64_133.0.3065.59_132.0.2957.140.exe" --previous-version="132.0.2957.140" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:1544
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\EDGEMITMP_E39D3.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\EDGEMITMP_E39D3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\EDGEMITMP_E39D3.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7c5956a68,0x7ff7c5956a74,0x7ff7c5956a80
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:4904

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Nzc4QzhDNDUtNTQ5My00MkUxLUI3OUQtODZDN0U1OEE4NUI1fSIgdXNlcmlkPSJ7NjM2MjNENDEtOEExOC00OEE1LTg2REItMENFMEU1QjY2N0EwfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCRDZEMTFDQy0yRTE1LTQ3NzEtOTNFNS1DMzQ1M0FBRkUyN0V9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNCIgY29ob3J0PSJycmZAMC4yMyI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI0IiByZD0iNjYxNSIgcGluZ19mcmVzaG5lc3M9Ins5QjdDMDBEQS0zODE2LTQ4NDgtQjVDRC03QkJDNTYzOUQyMzd9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iMTMzLjAuMzA2NS41OSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSI0IiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzODQwNDU2MTUxMDYyMDYwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODY4NzA3OTcyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4Njg3MDc5NzIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYxODA4NDI2OTgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9mZWQ1NTgwNS0yZTg1LTQxZDgtYjRlMy00ZWY2YjVlYmY2M2E_UDE9MTc0MDE3NjgyNiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1TQkFzeTBuVG9hd3FSYXhLQnh2V2phd05vbHl2MmNjaWFSMHhEeXVMRWNhd0loeEdsNWt2SGNvVmslMmZFREZTM2dIZjNNWiUyZm5sbXQwYUdPVGZPSVB4OGclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iNCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTgwODg0MTk1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9mZWQ1NTgwNS0yZTg1LTQxZDgtYjRlMy00ZWY2YjVlYmY2M2E_UDE9MTc0MDE3NjgyNiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1TQkFzeTBuVG9hd3FSYXhLQnh2V2phd05vbHl2MmNjaWFSMHhEeXVMRWNhd0loeEdsNWt2SGNvVmslMmZFREZTM2dIZjNNWiUyZm5sbXQwYUdPVGZPSVB4OGclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzg2MDQwODgiIHRvdGFsPSIxNzg2MDQwODgiIGRvd25sb2FkX3RpbWVfbXM9IjEyMTc4NyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTgxMDk0ODgzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyMDQ2MTEwNDgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjY4ODE2MzYxMzMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3NjgzIiBkb3dubG9hZF90aW1lX21zPSIxMzEyMTciIGRvd25sb2FkZWQ9IjE3ODYwNDA4OCIgdG90YWw9IjE3ODYwNDA4OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjc3MDEiLz48cGluZyBhY3RpdmU9IjEiIGE9IjQiIHI9IjQiIGFkPSI2NjE1IiByZD0iNjYxNSIgcGluZ19mcmVzaG5lc3M9IntBNUVCQTM4Qy0yNzNGLTRBNjUtOEE0Ni0yMEM1MjIzNTgwQTF9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMi4wLjI5NTcuMTQwIiBuZXh0dmVyc2lvbj0iMTMzLjAuMzA2NS41OSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjQiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDg2ODcwNzk3MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2ODgxNjM2MTMzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MDY4NzM0ODIzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYTQ3MmVjZWMtYWU2OS00NDllLWI3YTItNGU4NmRmZWU1OGE5P1AxPTE3NDAxNzY4MzEmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SzNzJTJiUlpna1RnVTQ3QTRZV2IyS2pUVzM1NDVpbkgySFhiWGlDVVlnbWFjcDE0ZW1mZERkeHd0cG54TEljSU1LRGNOU1Zyd1hwa0ZvWEV6bVRwR2tOdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxNiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MDY4NzU1MzI3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9hNDcyZWNlYy1hZTY5LTQ0OWUtYjdhMi00ZTg2ZGZlZTU4YTk_UDE9MTc0MDE3NjgzMSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1LM3MlMmJSWmdrVGdVNDdBNFlXYjJLalRXMzU0NWluSDJIWGJYaUNVWWdtYWNwMTRlbWZkRGR4d3RwbnhMSWNJTUtEY05TVnJ3WHBrRm9YRXptVHBHa053JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iNTg0OTgxMjgiIHRvdGFsPSI1ODQ5ODEyOCIgZG93bmxvYWRfdGltZV9tcz0iMTgwMTgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzA2ODc5NjMxMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MDc4OTA5NzY0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjQyMzYzODgwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzY4MyIgZG93bmxvYWRfdGltZV9tcz0iMTg3MTYiIGRvd25sb2FkZWQ9IjU4NDk4MTI4IiB0b3RhbD0iNTg0OTgxMjgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjU2MzQzIi8-PHBpbmcgcj0iNCIgcmQ9IjY2MTUiIHBpbmdfZnJlc2huZXNzPSJ7MUM0NUY0NjctMURGRi00NDAzLTg5RTktMTNCNDkwNzJENUVEfSIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Installer\msedge_7z.data

Filesize
3KB

MD5
a43e9ce8d33ed6eb2b8f5133450d64dd

SHA1
f2b9a2eab4b80d7bef0a6e076423993b77f66332

SHA256
39bace95aa685a42bb379404c0e4f2a11254a7d5ab9a9b5551d311d1dbc05bb6

SHA512
9db1c9de9521cd7bd4af5062693d3557ab196fd552bb6000c1d4266426127c9c7c6eada263e90f99bf941fb1c863d10463940e164a03e0742ee070a35fbcdf6e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7365BA45-B8C8-434E-AFE7-EE965E934416}\EDGEMITMP_E39D3.tmp\SETUP.EX_

Filesize
2.7MB

MD5
1a59a8af3c58b30ff0fe71db2196b24b

SHA1
6b0e5ba36f4fc5328ec494272054a50cafa13e68

SHA256
ba25974b29a25cb7bc1f58a0990a8ce758354aa6ec5b8b8af210f2c1466ba49d

SHA512
f173fe15db8d7aeef4f6fa62a41246550ccee207e6388095a5f87036362d4c95da646e1a7c68764054556e024da80b749646425076e9bfac42fb77be8f2c0355

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CFF9EA3E-0855-409B-910E-6DE2CE15462B}\EDGEMITMP_475A5.tmp\setup.exe

Filesize
6.8MB

MD5
1b3e9c59f9c7a134ec630ada1eb76a39

SHA1
a7e831d392e99f3d37847dcc561dd2e017065439

SHA256
ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae

SHA512
c0e50410dc92d80ff7bc854907774fc551564e078a8d38ca6421f15cea50282c25efac4f357b52b066c4371f9b8d4900fa8122dd80ab06ecbd851c6e049f7a3e

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
537KB

MD5
a28eecefea7b6af01441c8f72441ed97

SHA1
7efca9c273f27bff73e28a36f0ec48db6a07162f

SHA256
a1b30b9cc84bd23021ddfa811e31dba8bbfee858cf4831c677174a1f3c39b2b3

SHA512
fbb9a6dc1dd3b419caa4132719aa527a83e23d8b812fca952ae9b01b829f63e61eb640b788c19f0d4a48b50b6f7a03474a21f7a9463e66fb8790f5abb9a76009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0fbf07cb76182d0957afd0b99fb3f3d9

SHA1
dba680cef81e382a1bf50c3f83d68cbcb6af0c43

SHA256
1cbe3641bbd52d4f86f1aec0f646226bdbb46a0bfc64d0dbba905d4956344f8b

SHA512
afd79c8056aaefcc66a38569ab87edfc763a65ad657623d5b7d2c986d86f1df3fbf7dff7de0879d99534407e4494939ba3a2433cc333f8b8445cee3845146b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ef3f393ca3aa015861d1b964e96a913

SHA1
45f3babe2fb14e3bf5d7661c7b36a78ef2c3492d

SHA256
4e0736ff91a28fc09b5cde881c2e4de5695d3ea6e635f95f4ec127a794aa5598

SHA512
18c81b7222b036d23538c8a7faf421d5d93f0ff1c66a4048626cbdb2552051cd30e7c30b2270e417edf63ce336c7dd28c380bfabc0199ae16434ef9a07b321d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
26440793d8a21119faf2a2eb91280f5f

SHA1
e7d6b1b045c07f1373ca67ec838c2b59deae4999

SHA256
65ef6675c2ff98d15ccaf1c248981e63893bc6ef8541358115828194854fee91

SHA512
d125b4ad58ca33f04f4a738faf035ad4bbb8856e817345e6c0e421e19692bd56bc55946a6f25acf57072da8a3f762eec41d61506ae3f5535328f60f08a01a810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
298KB

MD5
2ad7d1185444147f05354b08c3ad503e

SHA1
656c5f7d685b99d3e5eeace4340d64bd53ee5eb8

SHA256
acb81d71694c3993c3a83defbb75f532f1f53c69336ac92a8e008609db9be85d

SHA512
f23b3dd831488dd0bf7794df0d92ead080cd346a3a586fc93c67adc297c57510fb57703458c4a6d7b9da0beacd2981d6387a600d3393e5b767d59494bc497231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
217KB

MD5
e0d4248cea52948c7bef653779e78b82

SHA1
313d7947fa5d70bd7bb615bc65bed7144aa2cafa

SHA256
9ca41fb4ed3ceb6cc552f4d8b18980365937bfc95313d87c733ef8350ab8f192

SHA512
00f7fc6785fe15c60ecea79a232a702af3d5b67ef8cdd9d0e0ff4591080435831bf70d7b5eb7dab7d9c931e9cd4723358c8cda84ce1acdf19aca350238bebaba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
1024KB

MD5
d8981b5fbce938d3247f164a791bd0c4

SHA1
ab07112cc50488573cdc1d9a9511682cd78c9615

SHA256
2279010354b3b4b613ab697e70a2bd28aa5bbed099e402f59be9eb94e1becae5

SHA512
0166df3849cf162ede30d60f97e64573672b188a8d7d28465f5ff6e163f6bed3a22baf65e94160dc02d671f16f5b13b8a726f72cfd4ce8f012f2c17096de8a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
1024KB

MD5
00ec1e7b1c6a4099b843b10d44187e72

SHA1
86e174a0ee824b72d107abf0dad395c3edc27dc2

SHA256
6209e690a43eecf80cc69dcfcc4a651bebc7b5cd45ae79089735abb45b5fdf6c

SHA512
d1766cc9ce196ea3dbdb387b5243b2bbcf2b0dc1da9ce1d100f5dc372610f433e3a90ad70e1f8dd4946c84ef4bf29979993b19ea18bf8fdf8141f2eaa0c21d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
1024KB

MD5
92b08773597d3baa787dbd677d2176b2

SHA1
12db510979ef24ee0d6837885d1ac9e2e870af74

SHA256
d2080865e10013831c26cda5560f55af793ddc3a4fd748cad5a9df6057826e8d

SHA512
f87f35c1ac7b2390eb6e359c6c55becc502c11702b00c68641e9e0b15b9e4724db3936bdb79402c429f9eaa421c78f876eb7e51c520bb8d5ade195a27e2e2701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
1024KB

MD5
e1d0107904fca6238304cf6f359af5e6

SHA1
efa27587e6a8cafdfce600517496e21724c53467

SHA256
ee8ff2e6872e1745a6ab078ab5d25c1ebef65402aae7962525c38a53e6a1f64f

SHA512
d4628d79d85c4fea7300c04a4611dcc044fb44cb5e2435420fd29f02a5a1d42501683689b5e2512c91f0d4cfc8ba7b10ab7fc7ec01cea479903b63e8a46152d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

Filesize
641KB

MD5
16fb68cb7ccf84ec047cb3381dc67977

SHA1
9bef6f827f79cb3cbb170211f6e903db80046a59

SHA256
c81b3428af10a3534d897d2fbd08ba1c77b15c97d96f76b1b9e994f0ee91df5d

SHA512
3421637c935fa0ed649b5b81f777188340b046fceee1eb88040ad2476591e373aaf4009f6694c017214d32607906d6118fb90809054f59266195a4f3bff983d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9

Filesize
22KB

MD5
b2e58941488e87bc54ee4fd296fcc71e

SHA1
d40fa4cbb60eebfa4a6033b5f9d66568f5eb94d2

SHA256
7add7368be6f871c8eee7ac971ae99262dce088efa50fcc601babd83d896dbe2

SHA512
8f4abd953f3983cdfc2f483cdc7f74b648c465cd3f5e4fe03d6105ad66182e443ac2c513f7e7a0843b6ab075eada592f6de676751930643c698b4d12b337d49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

Filesize
215KB

MD5
0e9976cf5978c4cad671b37d68b935ef

SHA1
9f38e9786fbab41e6f34c2dcc041462eb11eccbc

SHA256
5e8e21f87c0a104d48abc589812e6f4e48655cabe4356cda9e3c1ceee0acaa4e

SHA512
2faa6fff6b47e20fd307a206827dc7ff4892fce8b55b59b53d3e45b7dcf5fd34cebc4776b63da5aa4d0e0408344bd4602d26d09e7a456dd286e93b768cbfaa51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
eb1455e653f9cad79b47edab9c28b881

SHA1
76d672a7f52e6a8a4ec72f70e557d8848d1e9b79

SHA256
6c2f9f4f44f018f656e6223f4bdf4d0be1997544305951967687e26afe30317e

SHA512
261a1cef3f240672e8adfc108f16435606353f719f9d1f7d8abb0781e0eb92f9850e77f2099e05c79d1944ffc43e4369e6cf4f0d1196df254852e48c6f6c2d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e23c13ca780c939639e56552c6a2a968

SHA1
4175aa40c6ea099d305eb439ef8488c77ea37e70

SHA256
cf5a57c8eec39e455f97b5157d9f2d863b6b157d260090455439c9fd6172c6f2

SHA512
316e0048d9f07f56bc6f07dbe80caafa3c3067430a8ef29a9b894c2c440398e735e39a695055c6db29a834aa9fe256ac96e9df79b6da9ff6205e0a98f786a686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4b967a26c97684aa00656e6bb3b2b822

SHA1
65b03cee30e7c304b567e7298d13b8d5eb7a7c79

SHA256
600b5a86f04ca1bb22e18ada5ed89165bd3141c0a6073a6da89db4ffd6f3d47a

SHA512
9d4b9869db51aedd8739b13a891f49958956eb07b6a94d7cdfd7774c51f6aa0658af42536ec92dff8d2c46078da22fd6c9add34457f7575b699b570456f1fbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
37265039fe0bebbc81046c1e2f038cb6

SHA1
73d89882159b484d9e5872ce3551ce938d8ea2c9

SHA256
cf816a802b68649e506ea812cfe543cf505acf181dbe64b181087072c9de0c2d

SHA512
b67239464a287dba75e38fef728c77df60857975db6549d4ab3aa83750a7b4d08b2a59620e46ec68a3e9a96777f80eda1520a3b94dc2f940f70874eb794d1239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8286b5516fb70ec0df3accfe1864b3d7

SHA1
479665d3cf2640b13b4d07adc1c3efb53f6b0889

SHA256
b219c068c9200dd2ce101c0cd194220460328f53e94862fd71b73c6b7a70f15d

SHA512
b42b687f56daad06e68d21297ce66709ba4d473e88d0b0653c1b7e6a743356b2f9e4ae109b1b8eaefb6c2756e35e688edc1a884c39e58fae358b8bc91150fbae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
66f907188f905f6ae036cb2bf71b82c6

SHA1
c728f727783d1f617da70fa0801db663b0550eed

SHA256
5a78e1718a797ac222793b914544d899db99c84f2b377d2cd34f3cb8ab1aeb7f

SHA512
df21aa2dca4af7b9b50e8bc997d57825d8258e6f16f69c2837735021a05d8c3ff572c7a0c5920bc6bce72b7cc9ad6830262462f5e2daa7d0785441f8d919ca23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
55aad8cdb8e0a0c51bafb49de8bbf063

SHA1
3e08a75b6e221496d79d1b9d32dbffff44912d25

SHA256
e0d452efcf86222c764546cf6f83b305c7a1d12cabd6fab52b81ef6c6449e849

SHA512
58bb3a61b4fe396e41c7fcf6f82d61a128b2531eded9b87bce2bd8516ce748032ca0a9962a4dbff2f4455b5028eddcbbdb73802f6b6a00f1a1387410eb9d6252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f48bbbc7fa00ce411749b07bc7bf1c61

SHA1
4e03703649f70140cd03d1d3ceb50c6aa1649e3e

SHA256
b5ec7a1c539054ac2b7107e3f1271cda37a6783a813ed239d4261843666bb111

SHA512
df3ffe15b3d8041ad357000a8ded9e9efd0b8de88df5dbef0b896ecf7925a67b33be4a524e70eb06645691bf7a21d2dbfd5da3ca53b6e94da137838aed328021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
030857c87c6f5bf1bb12600107e2b255

SHA1
c637507c43bdd6b619d72db6ab3ce958f517c5a1

SHA256
81d59e588b4b8409d9635b833a79adee045c66fa075d9c5b5eeed808fc4a7df1

SHA512
2c5f9f5a14b63049246aeba951ba347162d5753b5337d2830da1f5ce5bd160acd09f352861472da1083f6ba912c62e91bf0b757c6cd8d79f07462f50b0548fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9cf93cc324e1e4ac993d667528189066

SHA1
075b4c7fae40751c306135992479c3c4f9e92f95

SHA256
ef847874182b2c31a64f22e39399cc681653d1c3f5b44f26665ad48f8f54de59

SHA512
c7d9afe298d8defb2f6ca8840f7b243ca80bdfa465310a9a4dce41dc52aea3893604604bcab4a4f9a2481127dbf5ca3dea560300c5031a9e30e346bba93eaec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
4e3709a6829ddfad5c9263623646c360

SHA1
4b0bd9f8929db2949048b5733c8a6120202ec6aa

SHA256
ee1ff255f1e26110b6d7916a0df2736e4406c7a05369e9493305fb0b7e43482f

SHA512
b803b054b31c14cfe141827e0b27bec345f57dff5d57f941dc0c065f3c12b6042106fb93257862faf30ed0b362bd79bc7c200dd9eb00b02bd57f30212e5a36a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
65060d395b4abcb54bd13a1a90358cb2

SHA1
be1a9917abda9a664b3c8abd619077095e2882a3

SHA256
b74b001bc92e47c9cc3a042cd5284563872cb9f1dc84c74cb48df9d304134223

SHA512
8e8ca681da08f12df019c753e1b03d967b7a104ea9e19c0a5c9a8a1ff5f83f1306d9f86f06ea1f4864a201dee6f581920701a5c9ce29aa1f556c72eaa0b60886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
7dffd7e830287509c5ce78a48be9ed8a

SHA1
08d1ccebceee336bb7f9c42b777907247e09fdba

SHA256
d3e890a9be6930d4d27886ce1e2f36457916795e83e4aba9af73f0585fbfebdb

SHA512
8e1483f5beed78b4c56544ff7c3a52d34bc8a09e4f0d18e5e4a611702dac3f000d649b132c0d880096d5a6a7895c18a0a67e6a788ccb46a8662326deca4c7937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
636B

MD5
31264cdad1baa8216c39c3a5d74ad35a

SHA1
8ac0ccfe322d99a4154c32693bfd8458ae502e16

SHA256
322e2e2db6290fc3bc6214ee3d6b7dfdda2605ed63c0d2255e75dd64329a0504

SHA512
0404917fd7f2e0385f27bf9da24d0ce6672e52406881c4cb14f2e9c9136f280c120d16a41f0673e4924a7676b4b746fa8c575933fb8110dbd49627b5a84c0344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2b75ca8cea6945e198edfa88d793af8c

SHA1
52017182c9c13c86411b324553043c6594759594

SHA256
300e442f4008077b3a184b5af16e07eb56cfbc9066cb3fba8b8fe90b0588142f

SHA512
40c2c2fe67c6872b568ab8ccd43a6fee21c5412e3f255cd2faea94fd7a5a98871a9dc48e582dcd795f3736a2ec61bc50b99dd5ba9483b0ea6212158f36d3d994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
112d7624a8694b959d07fee303121b91

SHA1
c98dc271b7c76fc0ab3fe8828e8be259c4808075

SHA256
fbffdac5eb36ab38d12596614b68ace1a135c19be8552e4409e561e4bbc314fd

SHA512
0b481b0ee9a987179b56d7cae9314e321250413f38c496bf31524590feeec8a88511fd94d02bc65198d97283dff08b93862dbe3a8bce4141370f5605c1637324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
702b8f59470d2665dd7150721f803135

SHA1
cd3992e7a23792713fbafdde28eee1ea1a18be2a

SHA256
d0a1ce65c9dd9df8cc96fa84248561db3491d06a8dadb1e55274efbda7504795

SHA512
6a769230e27f27f2c6c0488c6597e0cac683ac4b9a113f6c685b1a015511d02a3acb186d5115cd0a22b5f057c0fa0e17dd8e476c6265e2cb30991df317e874b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
46d81a4b604a0bcaacb9592d0c2b36c4

SHA1
1ed9c335c71c3c186371dcb0dff207fbd5a7f584

SHA256
19c7d36d6bc64a17a87bd9b9b7ae4103c17ec716ff976564ddad8ccc0be635ee

SHA512
92e4c7dec99a1e3592f44bd9bb1c7c6c872e5b8e731ef717db2baf3f40757717d268da0f64b1f3d27be1498e5bd7d303c50495353522029c89d5e8b5e2b3a258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
53f663180838da13151aee78122ae430

SHA1
292777fe8214136c9da72ee00cdc8f01df4f7148

SHA256
230e7233a465db4e412f187518a5a3912c6a2655785d28eb565313b513f79574

SHA512
401e8071e8b57cff983ceda6395f69438bbb1c455aa37a7b11283e915f489381bf8103b326c7711df165f6be69415b9b655a4398bf7eaf40d4ece074404e1e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d5269f01e5d71605a82adae7153123ab

SHA1
67d8acf2b13d7225d065d09aaf96fcaef9316ece

SHA256
58a52d7167c50a4c1cb4f638f25861ef7939ee513031417b7431c6252ecdd189

SHA512
df87111fb886eb45d91db35f73ccd19f1fbfcb65cafc1c693c13772274be04f83567e7ffb66447aa9ae7845ffddf1864213e3e59a2c4d03ff34618e8940bbe29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d41c948b193fb853f2512f3a59e31052

SHA1
8fe14afc966525156211dc46198b400a3fcbdbdb

SHA256
dc4d3ca08cec893e092d610b10191c24ccd3f4719b1a5d7545ade2872ec8fc79

SHA512
036172bcac13f15375044f766ffe41781e3aaea18669edad2f444eb2e8dcd0e5d4fd88065b4457077a6335e6aebf40947f528da1e89a0d18ccd7d86ff5153804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94ace6bf9503ddeafa4dca496ea75f89

SHA1
f8a64a7de0e41996bd5710db24c2767d88f6ecad

SHA256
40ee93940ca0f2b6a295eab62f0acbfcbca3fbaba9ea898127ef5cffe3f93d7c

SHA512
24b2d87a1f06879eeb6beaf6743a243c47ce9fd55739be14235122580c2c54f424a0bdc29bf8d397b8a588a326546671c1203a22daa055fae655b45aaa7cba84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
420efdcd42296129963fd3fe5b6fc27f

SHA1
c68fb308980849a78735e96b2aad73a8a6c87762

SHA256
5c492d87a6a36369977c317842dc7c6901d4ecf33cbfc7549306c2f6e1ae9b80

SHA512
230526c413a8a65e68fd81499b524363962da502f24a820e75aa0eb7bc61df8b2bc7134aa285dee902a5bfeec3c55383d7ea561a12778cc387acf904cd79f65b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d4b037ebf7b31ccb42d2f12c45d4a26

SHA1
6af65c4a29d4610f6c301f747fd492c7ec4c75dd

SHA256
5d92a9b435495a18e365daeab835ff98b5290474ad6d2032bdf9ab0e734da731

SHA512
8c802a6536892d9a3fb3e3c39c95dd8435a6c9dce3f1b03fb769e1cd40ca5264bbb14b9419ec73198aefeb114b5e63485dfbbabdbe08d35907fa907b6cf839b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
beb12bcd04fe81179d5d19672aeb4c21

SHA1
5f2997beb257d7c636af85c06ea92d85af0a42c5

SHA256
adc789d6883965f75601164abf2776f7137bd789447fbf6f9ef32dcf217c1875

SHA512
005fba46be4992d92ebdbec7e3004096cbdbbb218d373c3f8e150c916ed64fc06111ec3caf8bd0a194e1ab68dc17d13af595c485423a11e708f9a31036292eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
11302d60e18e93320be4479aa1af3b64

SHA1
d48a5a142fe586decc99c998bd7aba8e978ba73a

SHA256
206db8361a8f8a4cf89fb364e954d5f9e9c81b2a1e25ba5f505cd21bc98839d3

SHA512
309602801b5c4a47b463c754d3b9e56f34a1256f1b001823a530a0e75fde1b7e0048faa9fd18fd60a6de95df0adfe50cac4d5e4d7fe5be57f1fba320625dec59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7864af51b1f6a3373cc93a6d6f2ba582

SHA1
65a2b190c8f724acdce894c999b6585a6b1abb24

SHA256
0c3c359023c142e64aab422e3f0b60b88a0b76a96966ec0c53fb75203d23771d

SHA512
eab8dcfe3cd3cfd76c4550a3566f7eea22ac279bf0c60e54b8fbae94b3ffe640c816b12d3c38d5a408178350a28b5079eed69517eace6c844d8c39f9ed3cb583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
78d4b47686865f8fb49838bc6dfcf665

SHA1
a4ade8e079720bddce0deb38a56eb5c48f056bfe

SHA256
6df74855eada5d04c058771719e1e25918fc8663e2ffc7303799374b42b25569

SHA512
c01fa3e0ff26e7a3462b64a65b928fd2e2f93d411f2e41bc3d2f5451f248aab3d17271966137cf343fac25625d1d6582b0fabcecc3ae12d537373244b9589029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
ba383062bda159e08bc32f1580cd3f7f

SHA1
5bb7431257ebdf1917b52aae79faceda2f037e8c

SHA256
7673dd4e54267a223e6e5c7e485d29bf351905cc53fdb96980dffbcf2fb2c502

SHA512
10196c8c52b1322cdbcbcf7f5aa9920b3d3fd732653d616caf711f3fb7ed800f81d74fe351d27622c510f2cd587f2facdcb395798eb486ad61835965c9123193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ea834.TMP

Filesize
48B

MD5
f437a5f51efbd72ecd0b304b451f9d5b

SHA1
842bfdb1460c9369f49e8fa58f83baf4cde39e00

SHA256
4d21d9f1a2ccabddd24548f152b9ca909fc04900b19b95a910820134b62dc465

SHA512
fbc2abbc545e0e765a02cb21ec1e994acf8ce1d040d70335e6810370a858c26c29f42cb89e8b8293a84bcb78525834d98f8ba107fbdd2ec39ae74b2d623221aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c4e1903ab7ca4ac76ac8a9fc5b3ea9e

SHA1
df9f2241f908bc8b25be86fd00ab975c2f090668

SHA256
de19aa44f8aeab467a16475dbc80461e9bae0600ee6667dc249788d9d0fe728f

SHA512
232e169d6a66e80f0db78273b960c76fce1afbd4ff4b78fdd0840afd10d1eacdc44612d3f2958da0f1ef3467dec0cbfdcfb51e066483ba91d96c82889e36a1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24a55fa762f67fa1ef607da97392ab2c

SHA1
013d54133fbc8c0c9bea65ab4d9fc3ad71e55c50

SHA256
7e553ed90ed37c8f435d706b05f332b93887b620dbb4b7cacc65f018a9cdeee6

SHA512
b2c442a4359a0e2d67eee5dbb0893009960f8f30944a0cd2a36a5d0ebc467df9ffb2b4cddf9e50b46096570a39e2862a6b8bea389ca6174a64362e75c437951a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fbc1796ab319b6e7eac0326536f83761

SHA1
368166034e057b25631df52cd9dc8167ee5b84e3

SHA256
f348870838f7d04813d50e10061baa6afefb404ecd56ce550f1c9f236479899b

SHA512
1e697a2c30435bb1eec71a6b8c56ff326631b088a745fcf6e85e4e4f569d8cccfd8b6155ed9948af26be800695d5521483d21889cf2146137c8d9e38ed6638c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aac439d3619a4781def72be8c02d4ea1

SHA1
0b061f274fe49dfe56547fa506afdd5b828c2804

SHA256
44277f2b48b324d21afc8a8aca589aeb2d2321cb9f4f680c81ad3bab21be2fa3

SHA512
e5bd302b8a4d4ec26715471f0921463d3e2fa27355acfffe8d19fc7964c0defc56e6b7bf3b5bddf809e901b63269f34271b665376e707175ad8e82ad43a50cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e13f46ef5bf2059187b1f6d798fae8e

SHA1
e92d2be4e5cf775d43122e04d47e3082e5baeae4

SHA256
a37c7ea0f93589d5be8810370e159aca106e2729001f8afa4bf494ae2a6ac23d

SHA512
befba964833b89b1640b74187da5532aa10e4954e1acac5ef0226168370939cdf90eb381b2f10d23bc76ef0580acfd026098fab6ac93b50a0379870b44539a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aabfb5c9fcf4a3171ebdbc7337a2c43f

SHA1
3406e31fdd1797db808e6fd6f2e56483befaa4c8

SHA256
a8ae115a86e2c5e18a0a31e451de92cda5d394051e74b888b5db85dc2634ed2b

SHA512
f2c67ea13eb001a566142978f33ba613e133093fb95fc1d37c16618b5e712786ccff520c2aca059caf8fb511cb8b3099047d03ef955380dc12c7ea566649dfd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
80db410e98c415d301ed737d59bbc0ea

SHA1
bb6d1543a4ed70368d3515f10899da494020cd26

SHA256
0317fad418241de0f166ae7cdebfb6a726d56136b73b2f0f0d00f0ddaf76ef73

SHA512
7feeee85cc4f71f6d270f28038b60b2991507e7c48609be238e861f5968cb277cfdbe96171cf37edb50bb4dfa5413a65ed666acd0e82568195704a7e08b45a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bbcb660a32256fb1936cb6f572bcfafd

SHA1
90a03a80f85411320060d9b9231b63c97796ea92

SHA256
6b2c811d2ff6509cafd5bab7461b6c2a1385d2c0937809debb56b9e204385b5a

SHA512
f2664e303dc7f7df4e584740e8e87975ceac7d3d25616bb1a49f4f3f6d24b5727e4cc4ee69f1bb469146f9d779a574be999ca3e2c1e8eebbba90cd8774ca4bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91406b428eb7256164bc6314f9bad495

SHA1
91bfc0278d0bdb27f2b90ed10676f6611e442f27

SHA256
b87e7c71f35d9d11195d9f6cce40f7d0f6a45018951c458e93c5e38f1fe74e19

SHA512
6be5ee8a28cd607f5ab235dfef5d38b1da5a040dae51685b1d53041d37cc40dae9e6d6f5f9d867c1f3af704d375f56eb08c7cb3c29701ff7274f5f970550d6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d26d2d3547f3032a39d892bf54e9cd29

SHA1
ce823815a9fa6709b3f9e8f11d5a17985c905ada

SHA256
d8aa42d588374feec16c36bb990235dc33e9f8ee2e46cf0d28d941e8682dbdb0

SHA512
b768264b1b6717270b0e07996f0df22bb16117d200f5103a71028e2f0696c6c0751ebdeccb1ed5d96cbcf06df05b99c6bfcd218989c892cbca9f6372eb3ccefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3886155878737e1f4c20109bfa2ccf4a

SHA1
1474a5517b02b420df8f5e15f1f8a251f15e71ae

SHA256
ba9e2bef0140eaa093d69be05e4c7f741dd0f827c8f5aa19819f6dc6a152644e

SHA512
e7cfecc4c65c1d5cedea478a3a615436ea08c85d79c078f99f4eabaa4d247171f2e5a68dc3fc078551d4a5934e93f52612da41bdcdd1348f88d9265cd994ab68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f09bcb6df9ca2a7551045124c24ab671

SHA1
229857b57e7197a73c97d954282c0807771672f7

SHA256
5a4ea544ad80d4b72e2af6d4fbb2f6c0b5a6a607c7d9e1ea1283cb8693043b41

SHA512
21e47e5c7695ffc8e0d4ff00752bfdd8f60b7438fcddabfee06fd8db8e5b490eeb825d7276e5e269ce9dfcd6bd00b1f32f17f478419d32403dc48b3555a4768e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20d842232d8e5100a7ffcc95aad71b5c

SHA1
f4619f80199284c258a6c96701e82c13b11e3b91

SHA256
4ee0bfa51267e1071f69d9851d67997319f1f7bc8c5af1932d9889b7e1afa4e1

SHA512
a25f46ffca403ca3c818f950a0f08b3b580688a661897aec2acfad73e9e1453fda8bdd7b5054c88db05bbf3bf102a781ca8b3dc508148f458d8aa75269d2a6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
01b583b144b12337f5e49781cf5a6875

SHA1
22d72f434f4f63188d682949a50eaedbacd208fb

SHA256
3092f7916b35e7db78c612e35a1c81f6f2ca4b9ed504d4a65e0cbd046a720a30

SHA512
57d245095007fe094d765714d9bf59e70c6ab145caef35b7c46cfb93dea12bc979a8b94839f3f757ddb8a8105143f5b55de29b92b289d50f86ac968cc3520067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0a604dc7bb21944ccb5ee095be792c55

SHA1
74455fedcbac6fd482c39ab6d9ee874225d8be4b

SHA256
75e610741a34967c8e3e553e542d34e783f6206b54ff12c800dea6d365a803a9

SHA512
6464acd88ec4b4f9a67d9634252d8e32c92942f04a5945fdf6f03733745178ebca4edc8d4cdaace04a1896cf134698b62ebb3bac9c03821f39d2bd30ad9920d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ffc190a24d86d9a5e1b63c4d420f315c

SHA1
d012a98dcbbd189b8ebd61d2bbaae631f028f80b

SHA256
ee4751bedad6547ffdae28e581ce85c5df711eff119bc988203973b67eecd0ed

SHA512
8cb27973bae272053777201c7d2cb00dee136ae1a4caabcd8d42577fc04908ce44578b82c50b401ced5d8ddbbe90c16f1d9d8a993c8bdc0dab4cf2bb33d58797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c085dac8e00726b3a0d1f26a72bbf5a2

SHA1
af49928f2949e8ee0dd69cafb39853a6c6b3260b

SHA256
a2501d0509ac61055f7ca15a4f5d40dd93437bc6de7982fed27716a87660c2ed

SHA512
53867d0e8e8dc2007f37362c538094666de7b5d24aa507bf410ac0577fb4f03b32c5191bef6ecc0fe3614846a66d644a50527917a34dae570d5cc016e08ecbb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
93f487c3cdf96fe36da792e3e2bcd264

SHA1
481c95ab96531c34279f5b44e1614659b361bdf6

SHA256
153b97b3f6cc281811c55ab529f775b85e93b90ce25021867ddeb389b7d8717c

SHA512
e96a3c6ab55d7196289905af5942600c3aed17e820cab693bc44a58a0468ec1906631d6469fc040efd7ca2c04f48dd927a3959d68716ce1abb8b4491afac1a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
690d2c643753555026ed9deea11cf0ff

SHA1
2cb9acba3aaa7eaef75f1e46d6eee7211640d172

SHA256
a5fe860febe3c9fcfada7e0aacb77570fdddad0c8c1edb9bb8da4d9a0016197c

SHA512
054ab79827ab48ebd956fcd86ffcac2b94c770d8c094854b04d4e2b8d2e8d664a1847a40b5fc07759bb5e9aadf8d726938774f67fe9d2a42f7800960b55c889c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d5062a4c3adb0c88aeb09fdf4b47a7d4

SHA1
523507d204ee051c7800212c9a12aeabab0496ed

SHA256
07ee78a6d2d8945a82c3e78bc73a474d643e4b4fc606739f7e4e299e94696f41

SHA512
66db5b1802707cd3edd4bb194d1a1b6696d9acd079ed8ee194fda19e08fea91807730eea6d879eb3d00797016d8e1ad6cf2d958e84ba965b248ff25a5b589f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c4f6a82d6cfbaad68b853ef76ab42d7c

SHA1
0de471e457829f48388f4fbe2ed869f470f882a2

SHA256
5276fbb0320d32495ef2e0097e81ae38e1944a60b3546f8c004c60bc2cdd5ebf

SHA512
226c5a1028bd4f2430d849366ed4989ab346c36128458f1960545ed1e918bbc9b2ada37444a4356721604bb1ef377d427b242f147c4ee0d782e32f3794e6ace2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
abbcf0f978c8c28766719a03f15d3389

SHA1
abd96df383d87563ddc508d97bf17b04036a57a2

SHA256
760c9b8371fde96a7691128349cb6f94bd83f7b823848dd7dea33664a7e382b5

SHA512
b8a472fd7737c6dbee1cd50aae81aaf73c68a8a96a84ae24d1015f1e614d9bfce7ca0d9188ce6f8edcc574edbeca7833d35fd480ffad38061ae7c653e464af94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d5448bd764749b68ddeca0b40553853b

SHA1
2838b20d8b5ba83efd270da2b0177df05ac08f3b

SHA256
18897445eb9f45825203cac404333f29953b93b131e671ce88acd6191c084862

SHA512
98a5936d68cbabfdf42a58fae30212f81bce70da699248843b5bc474498cad65b7eb8c723dcea1eb9a4d32a646682de4806e8bb180d919ac1b89b97d4b06749d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d227c5dced974c3b26d7cf87f5f2dd7c

SHA1
46a3c82ab1f0909fcf5935ea6569e86b014844ae

SHA256
881832886633213ba2fcb77fcca7dff983a60c871dfb21a52272b6c0edbd71f9

SHA512
4d75719ec40329899a3cfa0a3a8ea4bcf43d70d4b30ef31d8ca67e410864ea6a1fa90affb8af68a2dd096dfcd18d647c66c8b9a83e08318c35ea25242c0d4256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
155d192df29def211242c1b95cb054a6

SHA1
d728f926f7d1f39be6bc36ac8ae4aba053bba4e7

SHA256
6ad5323d3292e47aa08ff1f239ed427f72352d99860f7b3d45afc0603039986b

SHA512
ce3db913078fb819ba8e26f5f75799431553eed041b2d3ab95c87a6ba6e1cc9a0f15754c70817ea524da3950134d04e9a1877ed9966254486ad6a5c4fbda410c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d350b95842e8bc1165b766c55225d71b

SHA1
cb9ee372f1efc276e9c496ed0d49b001e771b80d

SHA256
460a59999e2d4bac859f10fdd29e730951a23f8472056918c159449803cea11d

SHA512
5c029060ce2b73e15ede80bd7976208b5933fbf2a2ec23d11ccea3ec9f741d649303b0ea880f6ea35f74b171d8224da6e9dccccb2a3094273334fd4bf466cd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
090bbed9654862ecc75e85e2ac0ec70a

SHA1
403799af439d104cdc28689415d7c914622b78c7

SHA256
ca7f64fe6e88c9e2e08fa8db625bacaf2a5eb0f4b48c42c628b0adddcef680a2

SHA512
0cb3f9197b7089c5a4251421fc72191a3b10147931b91f1f6962fc92ecc55b57fb244166a8833dabc1ea7527e097901c282f14673ed46ebb68ebd93bc4c6396e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
27a829e20a02da77bbbce52c28b69f33

SHA1
144de4c5704e58e89b21d1900772476ec4eb7974

SHA256
42941ecc266fff616f4de960d63ca654bd5ca876a46220b25b1968917b6c0773

SHA512
c6d7476b86680bb240c55d57943587a05148bba5f430966c0482ce87d71b2d76109e5d9bba5344839820723b2675480a8e382cfd04b2c59f5030781fa7b7477a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
73530333da8fb9ae79d208a82126a1c3

SHA1
4b076a8c4c272413786100b6ad021af3f3350b3b

SHA256
491e3a0407113629152bb2ceb1d39e9db5434a02ea4ceddc9231599a627d6f5e

SHA512
16aa6f2aebf3b1d184400fb2b007e34d0acd7e97a17b5570126432d6bf95c0bb08d4c877163edcb1d16063b3b8fdabb06f3985a97b5ff79b4ebf6990bc44af69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b87c51b32fb2263e95b432c4bd9ff9c6

SHA1
a20c54ffd67c21b179194a89753aabbbc55463a4

SHA256
69ca8fc264ab2fe92993889dbb2ea86f09b4a9e91eca64c340e1c570999adea5

SHA512
6fdd8fe8e9ae3069f7ca6c0a3bd7e029cc0b2ddd6babf0731797b4a3e53666f0f37dc11c42651c7157cd54a25e90f5c6afeac965e2ed44224203aac462a893ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
d1f55a668d1679e6d222626e5c7ee5fe

SHA1
b725a7e2798803d0d7688318bc5b411adb181250

SHA256
0720075ad78edfdc3565e36819a309f18d77af9ae83a30ff0932502a65bb2946

SHA512
04e8ae5333a2f9e4821502ff1b03e1d6a0b33cc57ab70ea2cc62fc8c230062cc7694441e412b18775dcb0b1487b127559d0a8dccad16654256242dc1eeb517ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97a6a4f598da1d52d766e38a22c26317

SHA1
88658ba132c2a410e0442f30ceca4860cacadfbf

SHA256
c52ed99e08f66287563d2309bb620764cb7e5eb024142529ff8461be69d661cd

SHA512
d2953a8c4f6b1e8fbb9d6e41d64bc5dc1456c75a82e3173083b6343d3e963477be9786ca7856afd68cf596759ec0db35213a60ebd42c618f1944c28778a88fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ed3fa166c87600fe762f6699d08f62d

SHA1
beee908ae6870d8ec9d55085d21b2da0fa0e6c18

SHA256
10869d83de50dad2724f470c5b3a5e90f1e6a7181a25c77d7bda8972d00b4be6

SHA512
a85d58bea873643086f87f05130868c3643a29ddbeb03fe6a0347f336dd3d3c24db9608588757569f397618e1b99c9566026d7c0d850e04eb3e34a369725974d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37d5ec7b934df8a35d958200d4132d81

SHA1
06dd7f660ec1806ab7993a4ec96d5aafca2fc1d9

SHA256
a282248bb0b51feae68bf7d6aca0b76c1e81a820f1add4d70f818b177e64c0cc

SHA512
b1c95fcc4fc38668bf2d5994f5fb32f931c79e73c877a284ba400f72d9fb9a21b072a446d114b7556119c5a40f01fe64ac81fbbd0678b1d1ad27b192ad93cf37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fb579b9491465e990a2e17793ae0e45e

SHA1
55da1ac412282a5bc6ac0f6f4fff87ad3bada812

SHA256
0c2bc0613c36bce62c58d42884a618b4abac7a7f9d73f389afb11dcf1eb7ed69

SHA512
c0cbb9923b45889466fae01e54be18f5719ebc637107175e93bcaa07aefbc668a4171e50d762cb48a3082e26a0fc8b4ad5cba045ea0d1ee575daaffe93e1f8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
74b74b552ad4d975014f2e1e829ec9d2

SHA1
8c6e2b910fc59bc0513459533c1814f395bf3f9e

SHA256
044347cfe288d8d8841a6486891b46222ced9be89b03a3939cbf124ab60daccc

SHA512
39db41bc8749d760ef7bff8a5098501f3d77a07db91e972efcead098635136881c9fa9f076428ecddee4c1e6b7ceeaa464afe06779235a0dc0f3242073139775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2570db799e7802870a1c4cbc9b10708

SHA1
fce9b70f1b60b7f8bcbfd231b8e854ebf7c7e0b2

SHA256
183bcafba4cf201a6b9dbc86c821d6562a8058c45040ddac5f3138b79806669c

SHA512
7507d1fdc125541174fd3908a5801534f2e523c8d26580d85878b40743bb58c85e3bfadd8d542f919a2e7b7b90beb0a79310e62dc8eaa2fc2a319954464479b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58588b.TMP

Filesize
538B

MD5
637cb447c60864357762a0977c58edb1

SHA1
807588612f163083d56e45ad95c096145a7d535a

SHA256
85a88c4cc22d18058a9c035bf099162bc26c4b072d5ec48d4ac74c0299f1e4f3

SHA512
a36f0876f1cc791984f9fa4b91cc5f5ee6584fb1df0ea8df88471a8b24bf51a608e6b7e881aef06e87a615ad10d1e8b925d7fba772839f9fa3268f5f869b68b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7d00d2849128812a082ae3b3a306c82

SHA1
5292ce72aff946f0da427173645bc27c1b194ba0

SHA256
64c59a4af3c32b0872f4a496221bbccfc84052d121ef7b6657f1ac8341b7dff2

SHA512
3098a0c44cf0d68ce9db9cfee87e823c375b8ab838f360c22177a9954737ed74ddba135f1c23ed6ec2476f0a1b25b287bb6d2df969302e0f3d23c14777fc771e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\SystemTemp\msedge_installer.log

Filesize
73KB

MD5
a4ff111ea2f3b65da48e2350425d9322

SHA1
76aef6ac8f5bbe0b4ac384b3e8c4e6bcc74fdb79

SHA256
e165a27bdd983d530217ead1104f8a92eb26fca9bacb89d4ce8a4872d7186c12

SHA512
e23efc563dd08a9197a87c1f67fe81e9bbe5cbd2b61a8c1ce396b2d8cf2b1633d1b37831fdc4cb06c421dc7ef1962879803dad81399646f81340d8ed802b3d3d

Download Submit
C:\Windows\SystemTemp\msedge_installer.log

Filesize
104KB

MD5
982f6393b9c10706568c5b043aa5f123

SHA1
fda98e18b783b786b6d5ba0731fd821a8369bf10

SHA256
1e0f54714d6501d34f377e2538cc7ffafacb8429fdd10a4e628cdd052a1062ca

SHA512
9b8cc317fc87d1e89239afb31a41087d4e6eb7fdb0d8541a5e8c1fb441bf97c19a9aeb15d4c4913a3480740c41e69c457a6d855b434ebaa3a9399aa32c542ab7

Download Submit
C:\Windows\SystemTemp\msedge_installer.log

Filesize
104KB

MD5
865fdddb793d6cc735072cc6ff4d666c

SHA1
060cb59892c04c8424cbd6b0dc6cc8ac2a065c01

SHA256
a120817aaabeab79052e49dc79b84769d3659943a16e2ac2c1b9e0ea7152ff20

SHA512
e8f1fb12c9dfc76a728b788716c2b994062503e57be1511c40589df586dc510ddc1ab9307bf37a18633bc2262175ef05a83107c9a1d1c1b8323ff86cbe2485a1

Download Submit
C:\Windows\SystemTemp\msedge_installer.log

Filesize
106KB

MD5
3cbf623c7edc17dd5cd2fbbbbbcecdc1

SHA1
8b57d68775a1c4395a5792eb1454c585619387e2

SHA256
66c1341bba57ee77a7a64f6bb527720444ec03a5c9bed1b215cf433d3d7fcb54

SHA512
28dc96c38c7b5e7601dd25e197d033d51ada9dfcb3270c35a8a32f18e5d85e8eea18d8be8ad7fa8d51d21fcd02f8c8f0168eb9d32888618a73d56b59eb6dc4be

Download Submit