Malware Analysis Report

2025-03-15 08:29

Sample ID 250214-ym9gxaxret
Target builder.exe
SHA256 e8e2deb0a83aebb1e2cc14846bc71715343372103f279d2d1622e383fb26d6ef
Tags
lockbit blackmatter adware defense_evasion discovery persistence privilege_escalation stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e8e2deb0a83aebb1e2cc14846bc71715343372103f279d2d1622e383fb26d6ef

Threat Level: Known bad

The file builder.exe was found to be: Known bad.

Malicious Activity Summary

lockbit blackmatter adware defense_evasion discovery persistence privilege_escalation stealer

Lockbit family

Blackmatter family

Rule to detect Lockbit 3.0 ransomware Windows payload

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Checks installed software on the system

Installs/modifies Browser Helper Object

Drops file in System32 directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

System Network Configuration Discovery: Internet Connection Discovery

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: EnumeratesProcesses

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-14 19:55

Signatures

Blackmatter family

blackmatter

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-14 19:55

Reported

2025-02-14 20:04

Platform

win10v2004-20250211-en

Max time kernel

568s

Max time network

572s

Command Line

"C:\Users\Admin\AppData\Local\Temp\builder.exe"

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A

Downloads MZ/PE file

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Installs/modifies Browser Helper Object

stealer adware
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\tr.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Mu\Fingerprinting | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vk_swiftshader_icd.json | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\gd.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\v8_context_snapshot.bin | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vccorlib140.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\edge_game_assist\EdgeGameAssist.msix | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\pt-PT.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\oneds.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Sigma\Analytics | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files\MsEdgeCrashpad\metadata | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\da.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\bn-IN.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\zh-TW.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\BHO\ie_to_edge_bho.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Sigma\Cryptomining | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Extensions\external_extensions.json | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File opened for modification | C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File opened for modification | C:\Program Files (x86)\7-Zip\Lang\be.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\prefs_enclave_x64.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\hu.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\TransparentAdvertisers | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\sq.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\PdfPreview\PdfPreviewHandler.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\identity_proxy\stable.identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\sr-Latn-RS.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\ta.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File created | C:\Program Files (x86)\Microsoft\Edge\Temp\source1128_2040635557\MSEDGE.7z | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\sr-Latn-RS.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\sk.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\SmallLogoBeta.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File opened for modification | C:\Program Files (x86)\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\VisualElements\LogoDev.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\km.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files\MsEdgeCrashpad\throttle_store.dat | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File created | C:\Program Files (x86)\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A
File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\SmallLogoDev.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\bs.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\ms.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\pwahelper.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Analytics | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\nb.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\oneauth.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Other | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\LogoBeta.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ga.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description | Indicator | Process | Target
File created | C:\Users\Admin\Downloads\7z2409.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
File created | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\builder.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2409.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Explorer\DOMStorage\office.com | C:\Windows\system32\wwahost.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2409.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\runas | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\notification_click_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\open\command | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\.xht | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\MSEdgeHTM | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\system32\wwahost.exe | N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\Application C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xhtml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Content C:\Windows\system32\wwahost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\wwahost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\AppID = "{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open\command C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ = "ie_to_edge_bho.IEToEdgeBHO.1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\ = "URL:microsoft-edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database\Content Type\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml\Extension = ".svg" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\DefaultIcon C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationName = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ = "Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200" C:\Windows\system32\wwahost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\ = "Microsoft Edge MHT Document" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdf\Extension = ".pdf" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\Application C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Explorer\EdpDomStorage\office.com C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\ = "{C9C2B807-7731-4F34-81B7-44FF7779522B}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationCompany = "Microsoft Corporation" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2409.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Lockbit 3 Builder.7z:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\7z2409.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2409-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wwahost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\wwahost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2409.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2409-x64.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1488 wrote to memory of 3720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 2764 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 2764 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 2764 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 2764 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 2764 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 2764 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 2764 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3720 wrote to memory of 2764 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\builder.exe

"C:\Users\Admin\AppData\Local\Temp\builder.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 27345 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a7a4995-63bc-4011-a160-5f1a48bcfdd5} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 27223 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {719dc5d2-e202-40c4-9256-c979da4d0cc7} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3036 -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3080 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b65ede3-6a40-452f-b34b-8d12befb3203} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4092 -childID 2 -isForBrowser -prefsHandle 2584 -prefMapHandle 2632 -prefsLen 32597 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fffbbb7-a902-4408-8d62-f80ddb8482ad} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4712 -prefsLen 32597 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d771938-57ba-4393-a60c-3d2508b2a668} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5320 -prefsLen 26928 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d714054e-e29f-4a04-9ade-b120a9ce11d4} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5200 -prefsLen 26928 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3218fc81-0931-4fd5-86ec-9012f7083246} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 5 -isForBrowser -prefsHandle 5164 -prefMapHandle 5672 -prefsLen 26928 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9625a385-b1ca-48e0-8ef4-36f76ed617c7} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6092 -childID 6 -isForBrowser -prefsHandle 2956 -prefMapHandle 3088 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be6d867e-8e3e-4423-b07c-8ec7ced705df} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4344 -childID 7 -isForBrowser -prefsHandle 5244 -prefMapHandle 6100 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47e1cad0-dd2c-432f-a7b8-bfff105863c7} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMyMzYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDI1MTE0ODAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NDA2Njc4MzkzIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1740 -childID 8 -isForBrowser -prefsHandle 5980 -prefMapHandle 3756 -prefsLen 27941 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed271f73-086e-479a-91e0-068b7a52fb20} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 9 -isForBrowser -prefsHandle 5652 -prefMapHandle 5648 -prefsLen 27941 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab97af52-8990-461f-80b8-b20f32db3186} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab

C:\Users\Admin\Downloads\7z2409.exe

"C:\Users\Admin\Downloads\7z2409.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\7z2409-x64.exe

"C:\Users\Admin\Downloads\7z2409-x64.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\MicrosoftEdge_X64_133.0.3065.59.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff735406a68,0x7ff735406a74,0x7ff735406a80

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff735406a68,0x7ff735406a74,0x7ff735406a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6466b6a68,0x7ff6466b6a74,0x7ff6466b6a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6466b6a68,0x7ff6466b6a74,0x7ff6466b6a80

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6466b6a68,0x7ff6466b6a74,0x7ff6466b6a80

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe

"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch

C:\Windows\system32\wwahost.exe

"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 2.18.66.98:443 www.bing.com tcp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:57622 tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 151.101.131.19:443 www-mozilla.fastly-edge.com tcp
US 151.101.131.19:443 www-mozilla.fastly-edge.com tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:57630 tcp
US 151.101.131.19:443 www-mozilla.fastly-edge.com tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.107.152.202:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
GB 142.250.187.209:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
GB 142.250.178.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
GB 142.250.187.209:443 csp.withgoogle.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 142.250.178.14:443 play.google.com udp
US 8.8.8.8:53 vx-underground.org udp
US 104.18.7.192:443 vx-underground.org tcp
US 104.18.7.192:443 vx-underground.org tcp
US 8.8.8.8:53 vx-underground.org udp
US 8.8.8.8:53 vx-underground.org udp
US 104.18.7.192:443 vx-underground.org tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 consent.google.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 2.18.121.72:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 142.250.187.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-aigl6ns6.gvt1.com udp
US 8.8.8.8:53 r2.sn-aigl6ns6.gvt1.com udp
GB 74.125.105.7:443 r2.sn-aigl6ns6.gvt1.com tcp
US 8.8.8.8:53 r2.sn-aigl6ns6.gvt1.com udp
GB 74.125.105.7:443 r2.sn-aigl6ns6.gvt1.com udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 4.175.87.113:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 104.77.160.86:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 mini-01-s3.vx-underground.org udp
US 104.18.7.192:443 mini-01-s3.vx-underground.org tcp
US 8.8.8.8:53 mini-01-s3.vx-underground.org udp
US 8.8.8.8:53 mini-01-s3.vx-underground.org udp
US 104.18.7.192:443 mini-01-s3.vx-underground.org tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.187.209:443 csp.withgoogle.com udp
AR 216.58.202.99:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 www.7-zip.org udp
GB 142.250.178.14:443 play.google.com udp
GB 142.250.178.14:443 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.111.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 104.18.7.192:443 mini-01-s3.vx-underground.org tcp
US 104.18.7.192:443 mini-01-s3.vx-underground.org tcp
US 8.8.8.8:53 www.7-zip.org udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
FR 95.100.133.70:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 www.office.com udp
US 13.107.6.156:443 www.office.com tcp
US 8.8.8.8:53 res.cdn.office.net udp
FR 95.100.133.92:443 res.cdn.office.net tcp
FR 95.100.133.92:443 res.cdn.office.net tcp
FR 95.100.133.92:443 res.cdn.office.net tcp
FR 95.100.133.92:443 res.cdn.office.net tcp
FR 95.100.133.92:443 res.cdn.office.net tcp
FR 95.100.133.92:443 res.cdn.office.net tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 data-edge.smartscreen.microsoft.com tcp
GB 104.77.160.86:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\activity-stream.discovery_stream.json.tmp

MD5 83254636f460265576da5c593629fd7d
SHA1 60e2db83f20228bc6fba80668ab92551f4337263
SHA256 aa18a62891b57c4e55627d2e56c1298bc83596a9815f338c01784589efc1f63d
SHA512 1a59b6e0c93ff6e5766a854603c58747886972b8d91537b890b3651059eb1a7c62caf4d073e3fbd376ab6d895f50243e39be7d6e79f5d5c87dfad260818e7b96

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\pending_pings\30944884-5750-47d9-adf8-4ea17fc53ff4

MD5 0dc48cd3adf0c2a4281dd0d3eef00adc
SHA1 466e18ab4de561835bcd482ea63cdc353781cb01
SHA256 d61edc1f14f88204737477e652e815e61adfeecb6641177bc2b8e91834b92aaf
SHA512 f53197c0b9afa56c012ca7fdd48b4cfe6ee9ece6505e3af84cdd91f8712f3048099afb1a02b557dcd21ae7a6548ae88a8ddfe32e59fd1c015062b8f6bd63fe00

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\pending_pings\e5a9cbdc-e09e-4060-ad5e-4edb657b61dd

MD5 2165f32c17695589ffc6e4363c74508e
SHA1 7a3b5d3e22442f092d11b8000f8284679261bf2d
SHA256 11700e4ac8cb1519a3b85cc174ec467ec81eb76d987fd7213b3809b2fc420638
SHA512 1293265d7a6f32a011412013f142c183f254c677209885e01ea3fcafd17ab4ed65afe1c64272a4bdf3f9dd83c775720e132f78597b6091384ac15bbb4994407c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\pending_pings\941e45d5-89be-40ea-b4a2-96ffc7c334a9

MD5 fb2374fa574d6f38854ebbf51aaf80a8
SHA1 febcf6a0ceae93ec873e7bcf47f5b345a1073527
SHA256 bde2641e148fd98a2accee5e61d6fefd1bac9c028206478f21020e9ff5c20643
SHA512 685263ac01bb2d8d1650a3db9940768cf276bad11f83260955b79843a37ed5b9efdd1da83d12805b7b31a3fde82ae5b7d6a1acbb71a6b7ef69f4e3655b5447f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\db\data.safe.tmp

MD5 85dea57d8304e9e5e796b9180208b597
SHA1 5bc158a15ad5c4c64a5666b18237b98443610cd6
SHA256 f25f7e1f0a2336f3bdc380d117db6caf879fce7faa43f75b28dc7dfd8a02f6b1
SHA512 6dd42a7fc7243a2afc3fd18e38f193732d9fa50be783c5120e643afb49b7aca9baadbd07a87234ed73dbb33f21bc6752d7b34840af5e13756af7760621a267d5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs.js

MD5 df261c75096a2635853f9f532df160ad
SHA1 cf3905b3aca43b722f46643a28b3cd50ab3c96e5
SHA256 04ddd43b9f1246c9a442647be32bbe64ebca824a90ddf0e7e599ae55cefb3127
SHA512 78d39ba1cfa1ef44726f0c6cb575752c8e31a07303832a54881f2117c2367fd7b4fe68bcf3d413fa4149b1485feab1fd3a6a18a413a52a85d5eefbc953cba451

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs-1.js

MD5 3dc117c6e9de19142a1235e00b9ef81f
SHA1 bc5a296d99990440ac73145b550bfd0de3df22e7
SHA256 2423140917ea5b39111ae731b5ec3047b5e5dd0908795d2867c600c5a4a3480d
SHA512 6542cbe3400215e95d9f82d90e4304c592fbddad28082c538b27250adca4956c19396dfce1bd5a9a3fc9313ef69fb4a5d78e9cc8423e5321ce007bb1625f7545

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\activity-stream.discovery_stream.json

MD5 368e146347db6b807558baad7436db9f
SHA1 0195fc5722c26f993a49e79289c0b713f9c49648
SHA256 6317c5105a5bc9dd00df42f3f6093afc0b7c5d321b71a2c6ae68684e8987a952
SHA512 d47c939521bc162131c7bd7ea6d848ba539aba1978734168c90c5f14f946a0688e6a3f8de164c6ece854dd86f23c68fb2dd76d9dffc595faf2b71ac26e1f9358

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs-1.js

MD5 aa13dab707e0898dd3169efca978b246
SHA1 eacd313d86b9836061236b7b2fad268bd448d19f
SHA256 6a36423e759387950e08d6ed6ea01ebeb9c214dbb60d277d3b06e0656a81d884
SHA512 dafd38b7d8afaf0a5fad99a1054b3acf2f83f7e4f58bf156bf80ee1d433aeab63b85edfdc1e7f10991640c6b706d825bb5d44b8706ad3f8fe00aa10908e8c748

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 96c542dec016d9ec1ecc4dddfcbaac66
SHA1 6199f7648bb744efa58acf7b96fee85d938389e4
SHA256 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512 cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\AlternateServices.bin

MD5 c98d4e14ecca985d76784d03e2c8d839
SHA1 e6f800684ec2c5a22b92d2d985fced48a6ff8849
SHA256 c2779ffdd738820c9386cefa9f79e8686b7b7a92be2d622d4b9cb0c9b76560b8
SHA512 76d46107fcaaa98e75aa7890467755c88a43b9b4f88ae9d7cf0fcddd7f74ca0dbdd20b123f88f16439f78c12aab77c56d7de4389a658ab2106784c0d3918c067

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 20f4737e1bcb774aff1f8a3f663c8c2b
SHA1 ee51a46603329aa087395f8209523ad2cbfbc5ae
SHA256 f05176135c4580e2597c688e9cdaf91ed6a64aa69f9873d036cae1be02faa296
SHA512 a96acd4661684861d6f3757b6ca53a9eec7b9357e262c6f4e2792e3d1d03d2fa4a4bc78ab2ce5a9e7b2a93fd59da7434b499158d0a740c485c5e446bc879ea7d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs-1.js

MD5 8ebcef0da807451eecc308929e65f2dc
SHA1 6c5817be49c4cfaee5943ba29af5b1f3fa11ffc5
SHA256 007d7c969a4ab86f181c89c8459eb7b7f326be59c1c54d30d6aa4c0f4976fc92
SHA512 24490c14eaf7d80dfc25f644781dac8ba08b51cbbfe5ba00f8b86cc1c718f7a9c54c1c3293151b565ed17ce56f868735fdb30efe68010eab19ef5383813038a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 b5d3f782b7d735485565c769ef16c547
SHA1 2ca8a84e9b3e697d48e0211d70fe66b98ffe9597
SHA256 89fb2fded5cb3ede0bb2560b14914fa16902fab97763016fba2efafe356b8702
SHA512 7456b4f28dd743cb148edafd20c2dd6346107529d47967f42c7d0d49e44055d7ff6fa795646331119189fbd0813d5403315317e4f566963e890fb06d788f3f0b

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\AlternateServices.bin

MD5 92a07d6e50540cda31f9307071a0d2ca
SHA1 43421f691792163969d67c8ba40e07fe757cf5d3
SHA256 1ca772b6aa6abddf1593cd572110e24ba97ed79cdc4fa03ec1227a268a729591
SHA512 9925e6626b0a193a6fde8051216b1da61c376ce2c0f7c44940769153844dd1db75b3f9f95c01323a06b855d76ef06e1cb19afb8884976804cb0426ca61620a14

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 cf1b0a5733cbf282003be160bbb674a7
SHA1 0dc5bec6db2f134d7c1689325789b74c45296285
SHA256 1969fd690c460fda938f74e4698c47086de586870130e698f4086a1d7624ced0
SHA512 11e7261890c0b71e4414272b1a452c8c4aced1d74016e29e8a03f9f903c76df9229bba37342241730d3f10a85df454b29e6a2ea665f449f6eec0215a882d29a8

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\Downloads\G9Md9ss3.7z.part

MD5 c9c2f3805f0012628e9d62e8f75af4dd
SHA1 b6269b1fc8813b93c11ec6066dc33d9f99f2e431
SHA256 b2c3beda4b000a3d9af0a457d6d942ec81696f3ed485f7cf723b18008a5f3d10
SHA512 ed4cb425807bbef4da92fe9e17b78746e096612e6006521279162379b2fc65f8dec7647e9c5403c6a74e6eb9b61dce7ca1c74c65d77aafbd0719be79cb1d70ff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 53cdde0c56713bd995cbc9d8b444ec99
SHA1 4280adc6e9b19c3810e8ad4bd08d8181cd969247
SHA256 a51c60efb1ad3d356dbf29eec4adb9d04f96a3df3472e06fe828253276723218
SHA512 cff0dd59732e4b25bbcbc634cf19ef4ed6314fc682fca27af87a5504bd16b7e92f228f9e1f7e273ffcc1fb1ecced370306c3750fcf3ff7f9824e6bcb7ca43d5e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 7d3e6ab95352e9028918c45dc2c77e64
SHA1 b11ca005da3f36e3bc784910e9fd4e08f0d387d3
SHA256 f44dc2357d5ad259ec4b65de20eb7913bdfe4054afe2737b7d8ce8467c66f5f5
SHA512 b2e00b9ebebc01fcae44a04c2f0bca414d58a25f821307c7bb895816e464c4ae96eb3f5708b88e059acd91b95fdfe48ea4128ea572d529c096b49420aa0003ae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 99d3e2ea02e3c5c333c5792f49d395bb
SHA1 7d7f060327303ae4c50d49fbe3d5a8e4ddbd2137
SHA256 c220cef860db8ba5fa3f500a988081bdbe2b8d05773a6535a30e88e6bd16762b
SHA512 e14bef000995212d932767e4c6ef7b2dc0d6c27719857c199d857a9d9d9b3573b558ba268d531d006fb34f4b1a4b3d1fbcfecc9cc786b7ebc6c47d9cc6dd1e79

C:\Users\Admin\Downloads\7z2409.-918rtF8.exe.part

MD5 00cbef9691efad7a56332fbcf51aa762
SHA1 2135a90a9f6c3202c32a87b1c5cf805ce294a497
SHA256 e35e4374100b52e697e002859aefdd5533bcbf4118e5d2210fae6de318947c41
SHA512 a39a84b13b383ac5fca20eb6d92ec6b8bc85f1b6a545c441efdbe054d8d12c9ebe97d366235bdf1383bbdb2a9666d18d0145b10b6e589180502c0c2dfa26ef14

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 b32596c8e858655fe6973b6ccc0f296a
SHA1 3c3b5c5b6ec1add14e974b831a3125ed62ed0081
SHA256 a139e9ec5881b137926827e24cbac206ec314875fe125f9fdaa4212b05ae737b
SHA512 cc4518be802906b9c076ad4815736832572836c3a63d672598897607c97af37f3238671e0e72b75ab3f4fb2f5decdfb6315196611425838c8d9b8de9173ec880

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 6e6bbbc2cab68d408b4126b0e18a274c
SHA1 263ba927d4003b2ff5f711d5961cec0cced5fdf8
SHA256 4026acdbd71ee87f51b69f9e47fab9285f43a52180b126c171a38db854ff685c
SHA512 a8f5a610950283955fd8773be232afcde1ec0befff48978d6125c681c8df3e2cdcdf237fee0c3f9f8e523df750245e5b32e0990a9c37f15d4817b4b40a4360d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 e6182f50b7d80fb8dd16c6b0c13e1b45
SHA1 7d2849973cd080b75766517592e01994e263c4d4
SHA256 f52f700af3e65188a62b7c848c7c162c3a8f25c46d3e8ef6148a15014e1e8a0c
SHA512 5b7764c36571c3afed30928b84e4c8ffde95afa33bbc0dea442df46a159d72105a2965e26782e2e80062c0dd19340a674076ba735796be5438ff71b32e5a3892

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4

MD5 06e56b2415a62b6fadf79590971bd070
SHA1 752428b31fbcd84ee88d0e1b4a60ba6b9805f86b
SHA256 e0c733417c680845720b7e97aba4ff4fedecfbda80e3cb94bca438a6e82f96b9
SHA512 f352ce28a78d3dace64723db2a72bd4463a83d896f23eb41273190bc896587d8e356ea113deb84c9a4cef4eb2123847d79ca2568a4cb348938de78f5bca31f3c

C:\Users\Admin\Downloads\7z2409-x64.vbPC7uqq.exe.part

MD5 6c73cc4c494be8f4e680de1a20262c8a
SHA1 28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0
SHA256 bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e
SHA512 2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

C:\Program Files\7-Zip\7-zip.chm

MD5 a7ba50e8a23bf4a17f827c69bdb8f6ab
SHA1 17db88d7fa4bdb042897cf1b8a8d6620dc4f3b07
SHA256 94561a6dd2e91b42d566846270b9d8915c30dd9200e7aab3a4e37547c0042491
SHA512 16598f7fe5dbad5abac11bbf84fce5a26dd686c1786ddeea7b86ea239fd1fd06587755eee7d376f4ca01a0c61f8b8babf5928222009160949a332fe5e985964a

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk

MD5 d4ffb365de9aa43a9cf776c20f79c0b4
SHA1 bafbc48e378f8e1047623e700325710a6d65eac9
SHA256 5c18ccdf711c0bf3c73484cde8d194f14b8cd72aad1a64b7ce20e484149121f6
SHA512 f33f7c80366e127e16a5373916ba31bf6ebddf165f52b0cd338102e1cbb1485dead3eefe591213b3d65efa536233927e016af7b653d49f525d653746c8324fea

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk

MD5 2e48bf510aa2313ba641150dce397bb7
SHA1 ea2ac921a65a4224ce05a89fd79ba137be194cf2
SHA256 668e8fdac462fe002c36b0c9320aea1543f30d61b2db4c17d7fb928bd5934cf6
SHA512 951d5ef054feef3cd60c31c688641f152cab5aa05189b3c6caa3c0534574567bb3dac800bf9f17922fc78073a236ccbd9bc2722c6d92c8db6cfca14ce967c6e1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 569a25b81de2820dcd60f835db924292
SHA1 7834947ab793a213fe7f85b34acb1021c89f2e53
SHA256 eb805d4c9d8c34da6382cd7aa1ffa3fd9c44300d1ab3401f3aee54ec9bcda24a
SHA512 fc2151a7ffc9d85ef9ab5bbdab4583cb95ab15e3e30b93dd75f2ee76145a6c90aed8d2bd9b7fd1e00a692e0a9f17207dbe008af9a0c38df47afc1dc3a6ac150a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 ccccb7c8b6fd49dfe1cccee5625d23c9
SHA1 a3dcbd9577061b42f3efd63cc6084d256fb08f24
SHA256 2e3a7d8946f0bfe525da3ab4b28111b0ad977a7b6945e36d22149e9818ce9826
SHA512 8553dab0d6ba8c570422ff488969e0810915f4ed4ad339f7ad70c207b5b79ed5bc9e09a9609a157b1bf255ab72a171213492f1584829d18257f3902ce14c2c89

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs-1.js

MD5 d0a51f4ae4b4f2647ebd5d7aa5e6bb26
SHA1 5d9a92eef23344182201abbc08142d458f0b57de
SHA256 343ea78ce014d2da36579cc9efffc6fe1f24e04ed77b4c99aee4d3d4d80ab591
SHA512 ead9ace5660fb6fa6c9cbbd5d76c54397eff7634cebbf930098db500f63d0df7fc1647c4f81a8ec9c5f7e56d349787c08eea10dfdcc630bbfa4fe899219733be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\db\data.safe.tmp

MD5 86dd7fce8b13cc830dfa9993a3e53530
SHA1 61426675737cd9b991562169be3927b573755cf7
SHA256 25648d4fbb4f0ca0cba2361cc7a55fed4ea682bbbcfd56b0c83e1928ca3d086e
SHA512 40e168a0d2a450fe29e9b70bc986d48743fdf1da10ea18eaed1bc29bb8bf22ca73a41d573804515eedba43ac02c572f40d3349a08a2170ba03d374b45896ee38

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\db\data.safe.tmp

MD5 c51cf1af43c58fde39ca2533528f73f5
SHA1 b9c995a409cccc8cb47b5556699f26434e680680
SHA256 532da8eab4b4ff148b0445d92c0df0f9a57a3aaaac449b48eaabf45fac88821e
SHA512 ab607be9cfc26009ae69264db6e43826b6b9a2cf5c2d3a336f17c1c6c8e5a722cbf436d5bff7100fe711cc33f0674f86225b3b7299ac3bd2eb6fb174f26f5de4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 11fe783d7946f49c3b06a6896706ecc3
SHA1 349c649d9a880757c7505cf5cfce41febe6fa0eb
SHA256 04986772843ce478096136b5199482cc0a346904b3b281c4cd6c3537bc243036
SHA512 74a31c659644337642093e731a13d96b5353d42998e166618c7c68a0ba8009fdb3ae5567e7ce33a48a0bc5c39da0281d1f8889fdc52b1644d68d97abb4156f58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\bookmarkbackups\bookmarks-2025-02-14_11_uSUNLp-ZeEHYXgarcqVU+Q==.jsonlz4

MD5 87cca11c1ebf96a44c68a5dfc5786b58
SHA1 753f80ca768d541b47046732de6c1ea2f9373053
SHA256 dc5ebf99efc5fc5d33d55819a1e6b0b529fb17866674dc205a3dc6021dc06843
SHA512 ff88d1bdee91e2af497796eaf6fbab40fcc9efdae93d378afb8aa49a67d440c6da7e09a494219e1fec7d99e243cb576cab687f835792ec999f1ec6897fafb468

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe

MD5 1b3e9c59f9c7a134ec630ada1eb76a39
SHA1 a7e831d392e99f3d37847dcc561dd2e017065439
SHA256 ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae
SHA512 c0e50410dc92d80ff7bc854907774fc551564e078a8d38ca6421f15cea50282c25efac4f357b52b066c4371f9b8d4900fa8122dd80ab06ecbd851c6e049f7a3e

C:\Program Files\msedge_installer.log

MD5 1796983d64fcd5b7d45d151c0c3e529b
SHA1 1ef30fda1bc1b6e301a44ac75c16adfe29ec2486
SHA256 022b74e24ecc8f5aed938a0ab11b8dd7af9875d489d8e68e9c7ece7895d46e16
SHA512 bf8eccff8d4f62d82f0d192924b42646b0bd8e0e094d10c5d07459195fb1693edaa238a146bc00512b5450623316ba7c06206ba7e7d0283f90abe895184a7539

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

MD5 ad5f7dc7ca3e67dce70c0a89c04519e0
SHA1 a10b03234627ca8f3f8034cd5637cda1b8246d83
SHA256 663fe0f4e090583e6aa5204b9a80b7a76f677259066e56a7345aebc6bc3e7d31
SHA512 ad5490e9865caa454c47ec2e96364b9c566b553e64801da60c295acd570017747be1aff6f22ca6c20c6eee6f6d05a058af72569fd6e656f66e48010978c7fd51

C:\Program Files\msedge_installer.log

MD5 93d2f682a4a6c06ce557c215931983a0
SHA1 d139bfb07b25d603e05106938f012a671be5a7db
SHA256 52e1fa6f2d9bece29298e4ddb1e69b213e2e76ed31f2a5392382bab3794dc2b7
SHA512 20eb1bb4f8105cb2dca9c2e60dba4e6c6b3ec53dfd3e0eaa4ab790cb3c92c9c6e6f95ac95f172e56abf8bbac317cd6916a795f3e1d51c50ddeb54cc2834d1ba9

C:\Program Files\msedge_installer.log

MD5 9d7787ef62ea6d7c8a804a359f2dcaf7
SHA1 dae1c4077c6de9a93d01e37b5a9d2ddfee2815f9
SHA256 0c8ea40246187d31f1e8349bda0de3d8eb2455b6a69832a872481b5251046007
SHA512 56aefd325e205098f38c31d9b2e5b55ba3aa795998a53cf270f2d375c4302d505f343e17a23c41b596c2aaa9979ea4eeb0b05d39f7542e4b6e59ab1d5b7dd7d5

memory/4704-1599-0x000002AB69D80000-0x000002AB69D8E000-memory.dmp

memory/4704-1600-0x000002AB6BF50000-0x000002AB6BF5A000-memory.dmp

memory/4704-1601-0x000002AB6BF80000-0x000002AB6BF88000-memory.dmp

memory/4704-1602-0x000002AB6D600000-0x000002AB6D849000-memory.dmp