hxxp://noescape[.]exe

max time kernel
1048s
max time network
1052s
platform
windows11-21h2_x64
resource
win11-20250211-en
resource tags

arch:x64arch:x86image:win11-20250211-enlocale:en-usos:windows11-21h2-x64system
submitted
16/02/2025, 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

8^/10

adware discovery persistence privilege_escalation stealer

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
43	4428	Process not Found
140	4428	Process not Found

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 10 IoCs

pid	Process
3524	setup.exe
452	setup.exe
3040	setup.exe
3860	setup.exe
2748	setup.exe
4572	setup.exe
4788	setup.exe
3016	setup.exe
3748	setup.exe
2756	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\eventlog_provider.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\pl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\881529dc-f5a5-49f5-bd3e-7c98ab95684c.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ko.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\microsoft_shell_integration.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedge_wer.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\Locales\sq.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\internal.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\AdSelectionAttestationsPreloaded\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\vulkan-1.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ro.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\AdSelectionAttestationsPreloaded\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\v8_context_snapshot.bin	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\vk_swiftshader_icd.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\win11\identity_helper.Sparse.Internal.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_helper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\Analytics	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\el.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\Entities	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\VisualElements\SmallLogoDev.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\new_delegatedWebFeatures.sccd	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\mt.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\sr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\as.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\Locales\bn-IN.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\cs.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\kok.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\pt-BR.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\tr.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Sigma\Advertising	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\vcruntime140_1.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\VisualElements\LogoCanary.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\BHO\ie_to_edge_bho.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\MEIPreload\preloaded_data.pb	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ca-Es-VALENCIA.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\WidevineCdm\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\Locales\is.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\msedge_100_percent.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\pwahelper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Sigma\LICENSE	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\he.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\Locales\cs.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\zh-CN.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\EBWebView\x64\EmbeddedBrowserWebView.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\eu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\te.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\tt.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\Locales\mi.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\Locales\mt.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\kn.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\vcruntime140_1.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\gl.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\ta.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\te.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\ug.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Trust Protection Lists\Sigma\Social	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Locales\gd.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\dual_engine_adapter_x64.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\ffmpeg.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\identity_proxy\stable.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\mip_protection_sdk.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\vccorlib140.dll	setup.exe

Drops file in Windows directory 37 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\96ec2657-2e93-4db8-8b23-bb8e0a9497fe.tmp	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\447e823b-5cff-413f-af22-046878007d62.tmp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3208	MicrosoftEdgeUpdate.exe
3544	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge	setup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0"	setup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\msedge.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.html	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\TypeLib\ = "{2397ECFE-3237-400F-AE51-62B25B3F15B5}"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\shell\runas\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --do-not-de-elevate --single-argument %1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\runas	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgids\MSEdgePDF	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\elevation_service.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationName = "Microsoft Edge"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.svg	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\AppUserModelId = "MSEdge"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Programmable\	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ie_to_edge_bho.dll\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\VersionIndependentProgID\ = "ie_to_edge_bho.IEToEdgeBHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\msedge.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\runas\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\ = "TypeLib for Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithProgIds\MSEdgeMHT	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT\shell\open\command	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\msedge.exe,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\open	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ = "ie_to_edge_bho.IEToEdgeBHO.1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension = ".htm"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\open\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\BHO\\ie_to_edge_bho_64.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\ = "PDF Preview Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml\Extension = ".svg"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\Application	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationCompany = "Microsoft Corporation"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\AppID = "{1FCBE96C-1697-43AF-9140-2897C7C69767}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\LocalService = "MicrosoftEdgeElevationService"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\shell\runas\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --do-not-de-elevate --single-argument %1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.pdf	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\runas	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\runas\ProgrammaticAccessOnly	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.69\\PdfPreview\\PdfPreviewHandler.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ie_to_edge_bho.dll\AppID = "{31575964-95F7-414B-85E4-0E9A93699E13}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\AppUserModelId = "MSEdge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\AppId = "{628ACE20-B77A-456F-A88D-547DB6CEEDD5}"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\ = "Microsoft Edge PDF Document"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\open\command	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}	setup.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
2212	msedge.exe
2212	msedge.exe
2908	identity_helper.exe
2908	identity_helper.exe
3020	msedge.exe
3020	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	1484	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1484	AUDIODG.EXE
Token: 33	3524	setup.exe
Token: SeIncBasePriorityPrivilege	3524	setup.exe
Token: 33	3748	setup.exe
Token: SeIncBasePriorityPrivilege	3748	setup.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 560	2212	msedge.exe	85
PID 2212 wrote to memory of 560	2212	msedge.exe	85
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4184	2212	msedge.exe	86
PID 2212 wrote to memory of 4636	2212	msedge.exe	87
PID 2212 wrote to memory of 4636	2212	msedge.exe	87
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88
PID 2212 wrote to memory of 3832	2212	msedge.exe	88

System policy modification 1 TTPs 4 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe39cb3cb8,0x7ffe39cb3cc8,0x7ffe39cb3cd8
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1632 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1648 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1704 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,4836466424514892272,15950791537921306232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  2⤵
  PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1640

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTVBM0YxRUItQzRFNi00RUY0LUE1MkUtNjQ3MEVEODJCQkRGfSIgdXNlcmlkPSJ7N0RCNEM1RUYtNDE4RC00MkVDLUE0NjQtMDU1NUUzQzk3NDgzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NzI3RDY1ODEtQzY0OS00NUFDLTlBQjgtRkU2NTAxMDU1REI1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjUiIGluc3RhbGxkYXRldGltZT0iMTczOTI2OTY5MSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNzQxNTU5NTI1MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxNDE5MjU1ODYiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3928

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\MicrosoftEdge_X64_133.0.3065.69.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\MicrosoftEdge_X64_133.0.3065.69.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
1⤵
PID:896
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\MicrosoftEdge_X64_133.0.3065.69.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Executes dropped EXE
  - Installs/modifies Browser Helper Object
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - System policy modification
  PID:3524
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6326c6a68,0x7ff6326c6a74,0x7ff6326c6a80
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:452
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Modifies data under HKEY_USERS
    PID:3040
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6326c6a68,0x7ff6326c6a74,0x7ff6326c6a80
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:2748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff72f266a68,0x7ff72f266a74,0x7ff72f266a80
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:4788
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:4572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff72f266a68,0x7ff72f266a74,0x7ff72f266a80
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:3016

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CBA903C7-17CE-421E-8743-7DC045EDF069}\MicrosoftEdge_X64_133.0.3065.69_132.0.2957.140.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CBA903C7-17CE-421E-8743-7DC045EDF069}\MicrosoftEdge_X64_133.0.3065.69_132.0.2957.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
1⤵
PID:3236
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CBA903C7-17CE-421E-8743-7DC045EDF069}\EDGEMITMP_28E69.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CBA903C7-17CE-421E-8743-7DC045EDF069}\EDGEMITMP_28E69.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CBA903C7-17CE-421E-8743-7DC045EDF069}\MicrosoftEdge_X64_133.0.3065.69_132.0.2957.140.exe" --previous-version="132.0.2957.140" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:3748
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CBA903C7-17CE-421E-8743-7DC045EDF069}\EDGEMITMP_28E69.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CBA903C7-17CE-421E-8743-7DC045EDF069}\EDGEMITMP_28E69.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CBA903C7-17CE-421E-8743-7DC045EDF069}\EDGEMITMP_28E69.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff642986a68,0x7ff642986a74,0x7ff642986a80
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:2756

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTVBM0YxRUItQzRFNi00RUY0LUE1MkUtNjQ3MEVEODJCQkRGfSIgdXNlcmlkPSJ7N0RCNEM1RUYtNDE4RC00MkVDLUE0NjQtMDU1NUUzQzk3NDgzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins1MjI0RkQxNS1CODU3LTQ5OEEtQTczRC1BNURFQzM1NkE4NEZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNSIgY29ob3J0PSJycmZAMC42NCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI1IiByZD0iNjYxNiIgcGluZ19mcmVzaG5lc3M9Ins4RjQ4MDZDRS05RTE4LTQzNTItQUQ0My00NjU1MkU4OTJGQjR9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iMTMzLjAuMzA2NS42OSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSI1IiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzODQyMDE3MTg5MzUwOTEwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTc5MTM1NTA2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxNzkxODUzNzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODM0MDA0MzEzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYWY4ZTVmMmMtOGI3Zi00NzhmLThmNmMtZjFkYzU2N2UwZDY1P1AxPTE3NDAzMzI5NDMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bUxmSVBtY2NXYmNEVGJTQXgySU4wRGtZJTJiOEtqeWZZNiUyZktTYm5hQm5pUkg5ajZyTGx4N0N2eHpyZkxjQm1Ca3l2cUpoTkxWaVRKUUtkWDE4Zk1ZJTJmTUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDgzNDAyNDI0MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYWY4ZTVmMmMtOGI3Zi00NzhmLThmNmMtZjFkYzU2N2UwZDY1P1AxPTE3NDAzMzI5NDMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bUxmSVBtY2NXYmNEVGJTQXgySU4wRGtZJTJiOEtqeWZZNiUyZktTYm5hQm5pUkg5ajZyTGx4N0N2eHpyZkxjQm1Ca3l2cUpoTkxWaVRKUUtkWDE4Zk1ZJTJmTUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzg2MTEyODAiIHRvdGFsPSIxNzg2MTEyODAiIGRvd25sb2FkX3RpbWVfbXM9IjU1ODIwNCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDgzNDEyNDI0MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg1MjE2NDI0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE1MzI2NjcwNDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDQ5IiBkb3dubG9hZF90aW1lX21zPSI1NjU0ODgiIGRvd25sb2FkZWQ9IjE3ODYxMTI4MCIgdG90YWw9IjE3ODYxMTI4MCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjgwNDgiLz48cGluZyBhY3RpdmU9IjEiIGE9IjUiIHI9IjUiIGFkPSI2NjE2IiByZD0iNjYxNiIgcGluZ19mcmVzaG5lc3M9InsxODU4RjM2RS1FNTU4LTQ1QUQtQTIyOS05MjA2RjI0NzI5MTd9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMi4wLjI5NTcuMTQwIiBuZXh0dmVyc2lvbj0iMTMzLjAuMzA2NS42OSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjUiIGNvaG9ydD0icnJmQDAuODUiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTE3OTE1NTQ1MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTUzMjcwNzE1OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIzMjEyMDY0NDkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9iNjI0MjA1Ny05OGQwLTRiYWItOThlMS03MDE0NTYxZGM2NjM_UDE9MTc0MDMzMjk0MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1iTUZiMUlVZGU3VlBCTTVVJTJiTHhZNEltZmF4YUZXTlI4U0JxaHhJaEpFa1JkTHA2bGpjc1JmdGYxYzdYa3Jxd29Za09IM1IwODZlQVpDdXN0a2JVQk5nJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIzMjEyMjY0MDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2I2MjQyMDU3LTk4ZDAtNGJhYi05OGUxLTcwMTQ1NjFkYzY2Mz9QMT0xNzQwMzMyOTQzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWJNRmIxSVVkZTdWUEJNNVUlMmJMeFk0SW1mYXhhRldOUjhTQnFoeEloSkVrUmRMcDZsamNzUmZ0ZjFjN1hrcnF3b1lrT0gzUjA4NmVBWkN1c3RrYlVCTmclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSI1ODQ5OTY2NCIgdG90YWw9IjU4NDk5NjY0IiBkb3dubG9hZF90aW1lX21zPSI3Nzk2MSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjMyMTI5NjQxOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjMzMDU1NjUyMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI4NTYwNzY2NjMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDQ5IiBkb3dubG9hZF90aW1lX21zPSI3ODg1NCIgZG93bmxvYWRlZD0iNTg0OTk2NjQiIHRvdGFsPSI1ODQ5OTY2NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNTI1NDkiLz48cGluZyByPSI1IiByZD0iNjYxNiIgcGluZ19mcmVzaG5lc3M9IntFRjUxRkNBOC00RDk0LTQ0OTgtQTVBMC01RDQyRjQzMzQ0MzB9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Installer\msedge_7z.data

Filesize
3KB

MD5
fdafd3d3a736e5c75d913779fcfd942c

SHA1
712989296d8bbb3990f000a16e1a9808fd2c3393

SHA256
97be491fb1b44a105e615cde0a08d3439e3ab5f311216cad0954366a3d1a71c6

SHA512
36317b8cc623aef13aaa00c51bc7906fd6e93a1c9836051ff7953ebddff1ed2e165b44165a402ae1fb62eb6877a0477966788eb4967b820d4d9049d3fc6d85a8

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CBA903C7-17CE-421E-8743-7DC045EDF069}\EDGEMITMP_28E69.tmp\SETUP.EX_

Filesize
2.7MB

MD5
8b1abae1ce12dd175032f274dfbbea25

SHA1
b22d211f9819cd791b9cbfcfb13a1f4922ce3f1c

SHA256
121f1d31e93c40320699538153b201ffe9d47bb281c7841fac111da2f6fa44c0

SHA512
f1fd5fa18d687a629144b018db92327e50f0c8f6fdbb3c4a4bb46090b2bc0d367efd7bd3e85eeb41cbaf7a24c9bc943c755f87cb4f511b2ca3393d4a064c937f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FC12033E-DF81-446A-B2C3-D212BD7E237D}\EDGEMITMP_2D752.tmp\setup.exe

Filesize
6.8MB

MD5
bdb1aecedc15fc82a63083452dad45c2

SHA1
a074fcd78665ff90ee3e50ffcccad5f6c3e7ddcb

SHA256
4ea0907c3fc2c2f6a4259002312671c82e008846d49957bb3b9915612e35b99f

SHA512
50909640c2957fc35dd5bcac3b51797aa5daa2fb95364e69df95d3577482e13f0c36a70ae098959cb9c2aaeb4cfe43025c1d8d55b5f8858b474bcb702609749d

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
981KB

MD5
10eec32d4c9e4b2bd6ae3723397adc3d

SHA1
b0e808056466c7b26ced7c5350f7ef6b4d481528

SHA256
610fe18d87ef84c027527f7503323acadf998432c16149fdb85d29fb89623c20

SHA512
cef4c39effdcd730f21640c06bd8d2f23c5172534996833520217280d901f4f9641d17b1e4a424ffbe4fa84e9276199d583aa732741162f373b476a09b023eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa5b204c3340b9d53a69d7c6addb7f9f

SHA1
f2932b2f8177850ca763265a8083195caa8d4485

SHA256
63fcbdb8a8c1b661d96d34df23cbb458b663e6ae59fd6d532e186e07b27c7877

SHA512
2a756886954cbe55cfc471dedec1b4a1cd95d4b8508720b7e1eb994ca51cdcae66bfc9e99515cd730cdee17f1809398af94e870e5938774f7bb5c2a097fe4d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
43614630cbd59e064dbc4fd0acd5e19b

SHA1
26e2ae565be83de6c5dc323fc72eb5642f737c89

SHA256
22834e9d41837af8d4ed623f55a9f895e8bfe7acf8250802c67a12766ef67a8e

SHA512
ebe7619279b003a1cb96d6c89b82604b5463543f6aecbde7e5696389187781bbd8549b5dd820c23ac222d414d7c7722e04949d201eae8db7d18fa49ee359813f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
47KB

MD5
abcdc719204b75b443849e662c50e331

SHA1
e143b1671d4e72bb249c6d14f19429fef677a6e2

SHA256
0e5af9beefa2af0ad9e8da592b4f9de8f29cce2adda77f6bbd5b41d21ab550d3

SHA512
0f757179eb3937f1f610e8d629d3b5263a291ce975157afe364f13283e9e34c58ee2450e80f2d27ff12f8becaa64808e7542329663ece1064a15fbde1727d2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
1024KB

MD5
1f848a62e1aaebc2795ca5dad08aa0d4

SHA1
a1682e987a5041ed231cc9e7ab75abfbe479ba48

SHA256
b4101df3d8aa04b9da14ca2ebb1a0bdfe6a3a5766baf1f7b4adc6ef36d76c089

SHA512
4643f5f364e6568a59c1531e80dbe096473cb13adc860f4a4ecc2a75a2fd85690354d526b97bedcace8b9f240c201064a1c6ffdb5b7bc88c8707131236f30263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
1024KB

MD5
f5819bff340d09963adbacda911cb4d8

SHA1
c6c9d1a3019a325852f938fd536a0964197c0e39

SHA256
0c7e01aa904512396ee99a342d25a48ef3a911585796972b47caa036722339f5

SHA512
f329eb6724133ebc07942bff22d5de4cb44c322984652631cf91848d2c20ac85529c06d5146e7ad867f61c27b6190a48eaa3af1ecf139ebeda4392b6aecb54b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\052d5fdea9272438_0

Filesize
3KB

MD5
d6f2edc36ccc2a55402a67eb97cfe9b5

SHA1
62504e20d53143d23e1a4ccbf2e9422445918922

SHA256
1c35cbb6f718b4e74e8561a17abf9901b895f640f26d75a42380ec0a1d21e998

SHA512
70243254846e6d831a31076da1f3eba131b59f08c5aa6873109300fc8ffc4b77a5d2ab5493f9a1cbdebfcc021f9cedb6d4c93b475aaf45a426967f80c57caf92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
8bad208941eed39bcf5bd9d2a74c0763

SHA1
e9df2b85b21cd0979228c7122d5d3845dbb8ebf7

SHA256
005589bb43acb7680050bef5e7bb90099c66f312759eea7771d9bc43c92ad0d2

SHA512
8f90e05a52d736ef7f790902e8b42e483d0287a7350417e51e96f3301577faa9dc3ca896796116f1ad255a8f19f8654d36b8418a40285ca3876c026df03418dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0d1e87f645add67c_0

Filesize
38KB

MD5
bfb4bfe95e9239a41614713edbad0e0f

SHA1
91bc4e5023eb4fe0f3cc7b6ab9b73e122691879f

SHA256
48537d0851d0c82df1c1be55d7dac249640986b959f7361ba8b8dbfd842c217a

SHA512
5aba654a49fa256501160d93d34f8b8cc6b953ef57b1eb1dd94ae7432e6aae1002ef5eb142c0755ccf057d15a36b9cbca496a32e82615055cac4f969a08a207f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\11b9f5bb10aea018_0

Filesize
10KB

MD5
cf7d7ed5e48281399651618bf416154e

SHA1
35faeed3ca3839b0d42558ad13f17734f9c7c13a

SHA256
81beb43e40729bd548a2cbeb76a98b4dcf19c5e80c93cc09d1daefb9ef182f11

SHA512
b5219b06fa62473f3716982ee3e47d6f6cf129dddd7eb47a3dcf6e67efcd2f7976b1ef371cd566366dc89223de59d649ed1367e773b814468a2df5756cf4da84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\165ea510aa7bffcb_0

Filesize
1KB

MD5
becdf58bf669968fe5e0a68d1374cd51

SHA1
ceae0bc95ab33f3e67f822e27758f8fc3d064625

SHA256
dadcb5111c3eaefe780c7db356d2bea439e42b63d99c9d3cf01b3df61159ed8f

SHA512
2d2a0123cf6dcb4cef2d9f0468f1ca5dd98a8485c0273f241952d95b3684414d8b1425fef1740de367a26808f7d37b5bce69ece61f4b0037bd0f56b78622c2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

Filesize
5KB

MD5
6cde66ef4fc1badd16c7401e72e9f18c

SHA1
a226e11d1b2e395cdae171642ab9d31ec2bc5313

SHA256
b3513c059530378888c6bec2fbe35367c4c0f657257bf5262fd9e9225262dce7

SHA512
4eb8e82751ba45153bfc10b472fbac7683808f2d3f74030a9ef860e738ad6708fea2cda83a8f7e89c5ca4df1aa9415a5786a6a2791acf0e4e24f2336a72d3007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
9a02dd6ebb0dd65442fa5b2d04adad52

SHA1
cc4da48e4fffe6635c252518fa3ab4c64eaec087

SHA256
672afd8929d3c1e1e620110a6277d17448033e07b9e806f12178bdc326517332

SHA512
2d658bcd2e9c3a410c76a0154157908331ce497c24e482717d42d6dca1b7d1ad762d0f5ce2055829ec5a41e18c5e225ca9a7cc0134da6f3de4326acb8941a5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

Filesize
3KB

MD5
87c83631ceb25d96bbe5472943d4416b

SHA1
5f61d9d435c145aef40357548144e81979eee195

SHA256
cb5808f7e89c9d262aa489d908637417e17d8442a747bf89cff5ef16812b20e7

SHA512
de64f64c84d9ddc448f54b2784f95a8df13876caa85a7bcfb971597806218864b74fb0f5e6aefa7bf1a48bfe2ad7193566ab5872d095edc387a648f53a7014c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
3717a9b9afa373f1607757829eecd339

SHA1
317361238433eed31007cb04c8c9082bbcfc4b1f

SHA256
886b9910ed6127d9aebaf1af67d07f472bdc279c1ca49734a55add35378fb5e9

SHA512
758081689cdc7ee67da4853ea53913fa314f7f6e5157958056efad636c8b1a3f7f7989eaa7d5db6f08fc3a1da16510811ae5efab8a159af9de67d545d0d09c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
a84d7688c57c5060842418cd3919823f

SHA1
b94ace2614ab7ccf03ecc5d727a0afcf8d4c7751

SHA256
e4a1b1e34b7708f969377c47bd2bd00561ff823c8503c35c9f75a3f25472963e

SHA512
6c0afe6c44b319109686e9947744e58748efc18cc525259be356a44fb7885ea53f4f306ab337d991a2a763d550ae5d8cb2c54ae0d9b4d8d8ca1086100aaa5100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d1ae5ef464bd7d8_0

Filesize
291KB

MD5
b0aaf26a99ee1036b7e2c5e5f618d078

SHA1
5176fa27f0963bf9cfb703761c5c7b7a378d346a

SHA256
fd429136509f33fc672d38d794cee2a79b26d3a098373f57105c1fab80dc1096

SHA512
cedb8bb17a668378aaffcd78ac1289be4f9922e77638e99b5f725619feb56a24110f25c67a9966f7331999ad4661ff0cfe7309fc6896e8c685e8edd056270a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
22e9784aaa350090db4a31eb03527687

SHA1
8eeedad90052b1e19fde53e64c2ff14300f06756

SHA256
381879b0d26039369c1e467c33aaef98935a63267f89571bb326442dd58ee36e

SHA512
866fed4b943ac157e4b28e43027aa7ee5b060a34a9f32f35792f5185d1ff066ccbffde33a0cec41b41d6415d19490152f5f93684cb9cfee24487bd4181b33803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c3bec9953de2f3b_0

Filesize
2KB

MD5
85b97f8eed9498ee4c4da518dd7c9616

SHA1
2d6756d95678db44389d0a7ad554c1faaac3aced

SHA256
e7e9f9a488c9ff5c4a32d147995f2bd01366ac0e746bc590d25dddcfa95e0bdd

SHA512
b260a327b366649cb525fd8c7ea2422524d62fc65118b685ea926e3125e0367b4d9a189aac2febbc8e9773d94a17064ea65fc753be954293fc84d5878d4b3229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
ddf2c3765121107497ffdfcd06b97919

SHA1
574fa0c271034d754ec8abb9ba4e87de5c4aa872

SHA256
bc4e1a8eec841c41e0e81672f0fa2a09e74a7a61737509aa36ffd35e32eb386c

SHA512
df389a5f0c5422105b8eede23ad0f02d2310c51c2158fdfb0737c73a356cb48db8b048bd60e970baae7790658087ba7baf7ea40a75f48fb325c02759a319a8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
492f6887ba212bf52823a6a0296f1e64

SHA1
eddfb0eef695f5359eedbfc1c14d2c8e46b2acfe

SHA256
9c4beaae93edc233256c89aefd66b383dabd1165b0ea8ca297169f162ba8d46c

SHA512
aa77f0dae22bc3a1697f414060b2213d8d3d8e404adbfd39d88c713b75bc932fea86dc3dd07b5141d6bb8a1b58495eed20d79e3bf08afa9026bb41aa758156ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5e1a4c5a0228f65c_0

Filesize
6KB

MD5
68854be3d82adc8a48b51f52fca10f58

SHA1
1f84a4baa4eb267d50f1cfb147531ae0c510ed6d

SHA256
b1fb8b6857bded5bc72b9735beabd7cb8364f0b236cbbf205e44f2cb79eb84d2

SHA512
53a08ceaf48ff7c9c43cb1b90805fb83b4bab310780b1c92a25c9e8fc6ec07110e4f35b0d2bbd9e9d30ca61dbb70ac1b27d95263cd38ffc0fbe1d940435e67a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ec9ce5631ffab2a_0

Filesize
202KB

MD5
543a63a13e8d47c9efb1ffd01481e435

SHA1
d31ab5bfbc1998521e519b24bc53cb17fde5da9f

SHA256
4238f8be07807b78d9d82bd7c05c4e61dfb9cb205014b6a6ed8febf72dc08e74

SHA512
92f5debe8c8f14499bc91f52aa7ec69a171da4dc113345e15d8f33d887c923de4e98e2a3707b402c36de678213b022dd2d07a9042ead7a7232e6aa4bc23fbced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
c0d8452230c4cdc6d4877d6d2f7edd38

SHA1
9ed692b37cbaa8878752feb6361674451f3132ca

SHA256
bf1b8278005ed8101ca6f2ecd381b1a54839bc451d4662e2bbfb7c1740941933

SHA512
31a8ffdc5929a73f0a72ff9a58c2ebfd2c3eacde0e46fae3b5dc166ffb26717c95e6ab41236509715ef9292f3854a5ba4f978b902388981e73cefe2af473b3f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67c6c586f2245e6f_0

Filesize
3KB

MD5
90799433321c7efdee80fcdc7674bc67

SHA1
7d770ce99dd9e255e62d4497d4abced50af4fd00

SHA256
63ce62a8b3f6a09cf72e332ccac6523c92bcab1a7060652bd0097e49e7f9744b

SHA512
42dab077eb7886309270d34aef622c43cfd5a615205d2d486325f90d310aceb72d46feb9d71062642d6c533548a765799c53724ca8445c30065c075122466951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
5e5d4a86116d93d51023a00e35e595ba

SHA1
1a05640a16eb7d46a893ca10dcb2b70bcc2bff01

SHA256
c2b88dbb0efd32d9f1319e3de54337a7de2d033109c05a56a89382ced2763a7f

SHA512
6ecd250d542e0edad41dcf0b342ca6096bf12a1bb8f09b0cce8eec07bebff08ac1bc887ada77e4f93766c92044bc3289c734a3b125ff63da17348fe1265946ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71da22abe269277d_0

Filesize
4KB

MD5
02280744dd0765045e0c96e4538092f5

SHA1
f81f48f9fe4175e8eb3c3bebf631111ddb5f79fc

SHA256
036acc8d246fe308c757df701879232bed13baac496c80f04e2e116455e61094

SHA512
c4a5e1c8ed862fbc2236caf89a4016316e8045a4ee739a0a41826ac772a6e9307fb9aa90c4e5371b1e06c79fa284e0ecad5219ff95392c5069f4aaf8f641122a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
d72295d76a53a2f45259cc5a468a0535

SHA1
326eea8a33a6739406913107f51be4ef1243dc0a

SHA256
6bdb21b5b43abe21b8ccadacde6007a938746002effdb38ee29c92f69ccf6de3

SHA512
1f47051660265d1320e26dbe8fcffca2e80406cfbaafc1fe694bf7bd25bf92868da09f8f7a7666d149b239aa957ca9c88a970f895e8373adcfff54a14a76ac4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

Filesize
2KB

MD5
9e9e96ccef2bddb3f7766f44c1251f07

SHA1
e00f0ae80da8b428c9524ee8d2da33d4abd33311

SHA256
7726c049711b62a6838cfb2927b9eced18c282726597713acd1a10431c165517

SHA512
d068464c25a9a5248bf258b4e1e1f69b8923e0586636402e8c6b2b87ab408ca9524c417144597b5d8895a9389aa08d6975c2cdb71a183c7bd0ea2dc27c18e0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
57304a4b85de073068e2ce439a4a5d6d

SHA1
9cb8d8e2c665b7421abe5ba98b80b293c82426b1

SHA256
cd0cac5a9a135715cdca3164dc73734d4e6da092a0000d065c1b4bb9a1705f3e

SHA512
3fe7a0eb3b61e7c0576e5c855ec74e28c4558bd4b915f2aa8b1040d00848206b024ab33c1f35bee3fc59279770babf12eb459ac0ff290352f787a1aa219d5599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d11df596af7121d_0

Filesize
3KB

MD5
db8f1775ceea188bd5052eb4ec7b86e4

SHA1
a9aa4ca6cfcee3a9627cac0ba988497e0bd2aff2

SHA256
ecab3929b46c4cc894ea8f110f8a56a1859d49e9dc27c3bc4886a4302687ea0c

SHA512
96bce271dd757ae1b06a10d38cd15379684c83c3a84f102b78bffdf5ea9f3b889826d2a7287eacbac5e26b1c16e569373eeab32a7a6b17c9b0528719198cb691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82af833e9b5cc26e_0

Filesize
4KB

MD5
9ede7a3fe6412942c34f279040d9b313

SHA1
a27d689630fee2b5b4cd86de10bbbdfc08890ef9

SHA256
64fca77714fde53dd8c104636468ea1eb7d38855b56d07aa67ae5eaca3e98c33

SHA512
79b27cb0f937be4215093054328b21531c0250a048160ea8b402ebb97879f7f62c942a21471560fe7c94e06b96ea31256ef0bf5e8947a756b5e03149b1c068d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a02d6a9f66d5dce_0

Filesize
16KB

MD5
755cdb481af30e8d46b613676f753961

SHA1
eac31e78b0440457137eb5409015207624dacbc5

SHA256
e5c4f8bb261641115fbba2aa4c1c321f0b5844dd87d234164470615e888a755a

SHA512
7d0ed66ed9d396733ef7c018dd2bc1b38411ffdaeb82f4444c89b374accb19c630f6dfea8684483fe9c6cbf0e4bf046501759c35fcf4ed59d78595b34fd78895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
9b4123d6eb0fffe26a72bd4a343b6131

SHA1
58ae50db2ed366d41b5a01eb4843694e2a1110ef

SHA256
f058c6b4f4d044cd0f54b123d1adb5d7231ad7f202797bc76b10ccad7642f92f

SHA512
f5f0aaf66f52da276c207c6633731f4c288eb5c47ef42525d11c90fd5f90f730c0f88b6534a5f853fc5c1b023cc29eb1a436a08dac72aab7aca66536f5cafb38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a28b766f2e67bd61_0

Filesize
11KB

MD5
a2d92c0afd52a3456744622f0d0a03c9

SHA1
3e5c85cf792f16ec88fc98be129bddf7d602e94e

SHA256
6cd24f40cdd4be1c27b2e35b9b2c2da24c3b3c79faff91b937ab61138b37171e

SHA512
2f942cf64d83133bad9202952021aeeabe2ee9c2a4a7ab1e063dffc17b71f1705bdd2c62d1bab0e86109ec4e647ef400ef5d2574ddc3455cab9a0dcc96d57f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae1cbc3bcafb4f33_0

Filesize
2KB

MD5
fddcd116f4bc1682f4bc3963536e48ec

SHA1
c8a640eb6a0231deab0bbde5f76b5e915193c17f

SHA256
8650885fce91f37bc5fef246698cfd66087d55ea0941615e39a64b130f1886a9

SHA512
0a9f47448e4450ea745ec907442abfa3f69080b9f9a666d8c2a826f023c63407c53ba76e8a98f7da30d910cca399b0b07b38ead52d1593065d3b1c9d0cbc7a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
c41a10f07a3897932be0013738b02147

SHA1
1bf4447a65687dd1ca4e753678b3b1753a713036

SHA256
1b8872dc0973a1576bdbf0a901225ee45b4195c9fa7f86d6c8ffb1ac8eacb631

SHA512
3343534e7a1340769b88215d20532e477d87bdcf1cd6419e009d12060907b876fdc4ecc93e7c92c4a829e3363c41c14e9c264aab4d311339c629297bfda0bbf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d14b77eb7bcbd2bd_0

Filesize
14KB

MD5
d0224dcd6c1fe5a22221d36e9691882b

SHA1
134f2c79d256914d30efd2a0b17ee3fd9afe9998

SHA256
0e3555df11814e1e93a131ced9d6d1d2b5eea799f63d55f14121d0d1fc5edd73

SHA512
b356341e91b9b2544f827b76914b6c8444f95622da6c067d950a9d17bbfacf352c97dca1abe9d9c638d468d4e49056e15c196f02d5d510d17da21136a62fd199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

Filesize
7KB

MD5
d2f128fa454a0adc82210232bae96d31

SHA1
51686d75501ff500888a0ac706b14558ba9f3766

SHA256
1d97ddd1fb4b3d69bf5e363d44d0416a08b77ece9338b8d09622f9f3aa3b8548

SHA512
a7889f65d39aa18468c52b9abcf5631cb524457eb52d444093435f3089dd396d964073ffe27bf930273472a44bbc39a52ac3c9055d276144f296048a97831828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6368796cb28ede8_0

Filesize
1KB

MD5
fb2ee31c6399ad3f60ba5eb96395009b

SHA1
7544d65d3a3597858216a69ad506757fee35bfdf

SHA256
bb16ea21a589f1465fb7bcfec919565af1aed30816d809bcf68731faa8ed92a0

SHA512
33bbaa707676368c846de1d58a371d52b40e1348d977dab166d591b4ebc77a287a16ad95c45a30fe95ee86518f5eefef8927b3cc4178e31b40e84b8f80ded00e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9946a3b55dc185b_0

Filesize
5KB

MD5
ef4690c858e4738dfc8807f19f9561ba

SHA1
ff1ea396672a5bed5b257d611d0d1c1e466fc954

SHA256
09b282a0ff748b62e539a7caae705fc02cf8d626ea9e6fad7c85252ff45510d1

SHA512
d851a9ef6281dc6f78c3341cc063a761c6a7f3c4ad635806b590ecfc23698d0e2d779db11f1359265a274420a40bd500a72f06c3dc38a71b426f0e1a6c2a5b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
c434d0b644797320f393a561f72eb1fd

SHA1
997141d5f3e9bb882a715b42f38fc991bd084fcd

SHA256
5ce2bdfdb783298aab3045c3adcd55e2d521da9f71d7cc35908c8265ec7a9970

SHA512
39400fd7c7c63c8394be08f0823a5a8142f0d05800125e33765f29ce803b3e9ded8be453c87bfec2ee4450fe6260c39820acc3509d2d28c666856f07e8356a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
a68f87ab9b9380eaa8f5ce952cc4cec4

SHA1
54d333696c44c0d53e1a3b9be4df5006af2fbaa2

SHA256
85613efa7ab1e4455382459439974fdf871f87ebe9c848690e6aa3282299c572

SHA512
6cf352fb92c9cb6f6d09c8e1fce53d0f9fb2d9c636fb21318a1adbf296d55f04e9d4adcf15216e3cb8d57995c2c63f0b9048daf049b0fd01efbcbe595ca3d13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9ebbecb33408c3c_0

Filesize
294B

MD5
e45d908e5bd48243503850ff5b3aa1b3

SHA1
19869f424171360f7048492338c82c6ade9da894

SHA256
f204f76379eb8e7162718c85b4b492572069c14bce84e556153df7d4e47c9307

SHA512
69bc201d5e994417a6588717b9117ae1342a834d7e9f71dfeb9a31be682e7d4b460df13ffb88501347cf93ed0151f8ea8b40d329cac93a1f0857b91fba6bf62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9fab0bb8039bdf7_0

Filesize
11KB

MD5
baf23210438b6dd667134444d52182d4

SHA1
3922c2e288b05dee1a514fd3f81627ea4e54046d

SHA256
72cb11a3c0b3e3f308387e8a4bf2064a34a913b4f10858963284827d9665e1d8

SHA512
2390aa33910a570d987949e118efe61d7db49f853583ff871c2da72bfb55d7a2ee525ab9833eaa8bf7f09b01b3dbc44b9558356336c071b708d3c75ccffbefa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee874afa8702dc2e_0

Filesize
4KB

MD5
a1f0e0b073d9a116189278660f9fc23d

SHA1
0f9c1b060eda843d112c07a4f2b08403fbe8b844

SHA256
68407835c3ba8bd760378f1466f84126b583089e76e49dad83d08e87f9638907

SHA512
e335539117faefe35ad642eb053754b9adf92a00fbfbdc08eab8eb7694b88af44b0c0fd5f2f4253cdde9b6e0ac9c91bfd63cde7e907cebab02ca376cab7b4d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2768a8c57e00a31b6e32e16800cd5589

SHA1
917c52a642c826f95744f82878da0c5009a27cc9

SHA256
840a6697d661d8c6ec5fa2bb7bbfb20634e0f4ae64700adb8546894434e5723a

SHA512
d590902afc7e7baf794b4295e11c94fafd5c5a2c86016020cf7c7ae5b9583924b8807bf5d4da19aff648da1792ad1127ba636f5a084eb9b60094438d10db10e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
213223dae9dffe9ce194fb318291ded7

SHA1
72d51f226d8550f320aee6ddf7f600d750f9423a

SHA256
2ce8e152ab3bc7bd56e96c1abb9c030ad82fcafa5e48897acb7e9c400a7b69f9

SHA512
fa1679b28adf44e54d4beeed60a3a99e4925f1c213a45335f0ee5020edb69eb71b1a235d62ccf59c205f99ff053ef3e2c6518d91e6c4c5facd7fe3380df9bf3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c8828104a52587ec8d5065e88acc7283

SHA1
6d2adc17b3ca8d2fe3075ae7e356f7327f537679

SHA256
1d2c5f1a663226755e7c084756bf88a9b2732618ca86f1e1dc9cad997f2317a9

SHA512
42fbdc55172bb3d99f2a03bcbaf236c6e93af08dda0306395c0b8de5cff614824dc57b9db6356398924d6ccbf108cbb8678c35d0328d7e79abdb3c2f2b7b6434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
52b61673e01206900e743fdbaa045465

SHA1
31dc85ad3b1a79c9c2493fe9cc3822a4052a0ad5

SHA256
e64bbecd9930ed38e6faf1b9c3c129428f722cc1cdee6c8acbcec160c463a7a1

SHA512
6c20fd1fe170a71a0bf447ccd7815462f00ed9cf3f000c48913f8c28cb50a92c26f2b1a82738fd39093be8537c1c233a7f8b0a4ddb9a41084081a73f8683df7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
915B

MD5
4755fadb371e60c06388ab0244c9ccd4

SHA1
28fe7da8abed383b0668ad03429d5d613d1c53f8

SHA256
d3f240a65ac094ac765e5d5ec90e9d8a1aa56ea6a06f9fde6209cb3837faf25d

SHA512
0416cd1cc362cf70586e70ea45261eba78a2d31c9a3bd979d3fd9875eeb22e1b028144a7508f0eb0601b7d00995ecb3ec4a9f2cbc79735be9e02db0e262b416e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ad14b0d234e8be9d54f8ca0ddc691e55

SHA1
6a1cfa577ab09815a67ded64e0a8ffb5b8e35d61

SHA256
d135b68b1892b9f8ef5721bcecc12fc692dd52327ca32373497f943607147791

SHA512
fc6a309d12a8a1bf1f46cd33a4bbb5e496cccfe3c678d09674781e106d85aaad81378557dc239992b316a24004a7c4ee0b06d2c4ae2b6d32f268295dc53be096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ef0d58854598030cdae2d1ceca92bc06

SHA1
66883b1521f0dc3f4556e2fcbd76739dba2c1f22

SHA256
878cc26335167fa689a27bd748258ea5d1fc640f2f8336dc2cb8a42a6a1108f0

SHA512
db68a22fb5d82baae3f9f51c1536ca6cce4871207549928ce43fe21ce7e3177728f507a46baec1f73e1cf027cbd012e3c25cf0e5ef1cff0d75f2c3249ed3713d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
20a29e44a2ce097205bf3cdaf9e07bc1

SHA1
e69a4d773af3e98335aa74aeb71e2dd425b66c59

SHA256
266b659cb6c5367f3e08976b6c5c435cd72ccff964c7a09deb3317c72c89d733

SHA512
2ff89d6c993f948284c4f10c4e411b26ac1561136bc21dc5f5203bc50eca993b49265108f1d4a87234131c312663e4fd13da7b22a600e501e30bc47903372360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8d0514865f0889be34bc225bd0549a8a

SHA1
3209145d4e85b2bd9f898f7698941b813211f705

SHA256
a6c01dcce86ec9b6e73d3be9e3ceca5b8d92949079a563b9cedd97c74b9a6234

SHA512
3d958f678227efe3eb60841f47bc274b8c3c126d922567d4b4d78bca1520792ffbfeb38b666012164d6633116d91710cdc799e5f1ab040cd59314ad636b872bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
32292d10fda09bad15eca7b95eaf669b

SHA1
8dc61f0aa0815212a45b22b7b319112a50e8910b

SHA256
6e3ab009d69a360a2a7ca306f9584bb31073245d752bb86aa0d1e338855f8702

SHA512
39c619b4955bb8b1effc2c65401ce1733d22c807d092de646727455d7424c246b9c50efedefe9470c8687a7ffd483629050263e8880d724455df32b37f4f2588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ea48decf7779f692e1bed5ecb381aa9

SHA1
b5253145547e7325f2a24eb6b972c338869a8041

SHA256
38762ecb809219bb0253167a1842f2fbe0b697b98cb665f8034d59cc729557b8

SHA512
d7066661d4f2f1bcca881a90e72842df57ca9602ba218c8dbce3a339c708c3fc91ea326bbaab973c2ee36bf0234afde75030735879d45d825a51d220f114dd0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1da9514e3ca998aa81caac12e1e6c577

SHA1
da91719c9cd3338c8b1c10bbc83849f4a95a6a44

SHA256
76548a824c885fa2bcc1310846dfba5d62a68072be7dc5791b5eda80011e75b4

SHA512
9d67df2b805dbe857bd2baef525deb010855c07c03fb2a9b8687fbd1525caf5a3c33b595cedaaaa39e22d72fa5b324d4a1061cf5814017565b35b76d240150ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9411ec153f60dac1eaae1aa89f9ee0bc

SHA1
58339125fc2886a444acb88de9ab80c9dfc20dbf

SHA256
c339b6ce13ca4a961f4addd7701179e3654aa34e4a7e8983cce9605d97910d93

SHA512
66a90dbe40ca4d5e25a3a967c05a7a0bd4c4ff0f128d9b7583a4c1cb1ad26827cb05dcec857e385f4a2f98f80e68df329eba56b52e040523ee6eef55aeea66c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0876cbd37a691fd508e34431e34fa161

SHA1
8b867ac7f142500b650d17e3b74af98ca1e0da61

SHA256
a4ade47aac4b738f497b58112f759710235beba28f2c934b3523178539243353

SHA512
87e7e0ca9893eebfac1d3afdda413d4e4cb0a73d3e0e83722b1075c0262e44eb79ade2bf6391a29ca4ccbd3ea71404d94fa4e819615f7e5eee81a6703470cd2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
340b7a1cd6dbcb41f7966f5aa6a49658

SHA1
22e5ed82bda9cf71cdde1e86fc351aacfc38a89d

SHA256
3888ed3fcb88f1c72ec520ef495af60fbde407288574c71dbdc35b3f099b6a1f

SHA512
67d9db95f11fd0328e266b68ea45b98e1643918ab25734204fe6c18ec1fea7ebd501be3f6404df6ce9c64d98d09a8c4568d6974e6d1dc7daa2cdc11ccba30677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
872825b9d6579d109a288be1748b9522

SHA1
0525e7e4d09f414233c9d3a17b4ecc0c3bc45053

SHA256
9e78ddceaf79446ede8cf20cce9e982d77fd0592639bee6dc138ddb299b3ed8e

SHA512
8029ddd00b7927ea5e08ce79471c00139cab1a39c5e11ea81d96fc5967451d03bdc4793893a18594305b04f5f9e6a9a2923ad3f3ecace624cdb94a8652f536c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00b2d5466d0ca3ea0e48bb2870187d11

SHA1
8e86ce40635f74c8371f5950e328c15524602a99

SHA256
1e75f3b7053ebdfec7c7041b05c47251ed724f119c143704fb46794efdad9ae6

SHA512
3a09494d5cc93f53b568fc749aee5ac681156d948b433579c8cbb4e6ee9d3fdcd23b143eb2d2a8b978d157caf06d18375074d0519d99f90ea0b7c2f3691b8e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5aa0efbca51885f7a31940d240a882aa

SHA1
e59225d7fd80b7c4f1d00ebe4fe437b94a1c56a5

SHA256
f2591335d4e4fcebe4a66daf0c59fa99b28e77e5f2271b9ca3a4ca36c32b5f66

SHA512
2d63860ab262a847e6eb3d400e035dfa77649878f7881a0c117c495877a35a0f8af3a2e85267ee993b3e179f3adb1fbabd838b2aa1e82e88f7747cf1327d6811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66d3b08e7accbc5f47638fa4ff50cc25

SHA1
c373a441bac3545aab9dd2bc99ed54ce5094bebc

SHA256
00031b8db2247a3ef6892ec0a6e9922b57774a60c3d4bbe14b3f2f52c615467b

SHA512
74f362da76a75c2d0e93eb4c3193994471b896964d47be1400a2f1ed85a28a045fddceac510616de3e8466eca76df8d306b743d0158a1ef502962985c2bf12da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a5ebc8c4764b0224dbe3f60667c1fe19

SHA1
95a1ba21b4f12b41bc5be3253b61a0f44ccab164

SHA256
3ad4c03c37f0059a1c101af9b76690759d4845ea7f6ba3d9fe9dce8f91feab65

SHA512
ed0dee160358aaadf6c8369a8512f558df6eaeeaf9d2977e8959e08ceb8f81c04da9b69fdccdedbb79184f6ccbfa02c5ef080c462a517e0e75cf9b248b795dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49dae5544d51792474a570b267aaaa7d

SHA1
0c540e1752e317ceb67a2721ffd4175e5290f82b

SHA256
8769f239038607e9557da5b8fdf9e45e710357688f2309a81f7b158638f6d4dc

SHA512
6793fa556b75428a1395c7c61805cc831be5336d18f59d75caab14a57963dc16ccd6fefc6af824b02ea80dd2a673f93f2ba89f712b3bb1888f4e040ccb891664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
06df560f6dcdee574263358518b713a3

SHA1
ef2bddd69a54e8df1546cfa47589f50fe4e78f98

SHA256
9bfc14672c043a19e636183d3168ed6b5824172b982ef82f2a1cdf4cd80f90c4

SHA512
fe2669ad41e361691da9027b5a0eb05c31b875b0061714e11ad5ff66ebcef3466332573f989645bc78b88216f4b3a0aaa2ad168504df8fbe033deeb214fa78f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
34d161a7d084aa35a044f0b10eff02f9

SHA1
96a7ac361d0bf907d7fa2f0d9c31627bd9a6de40

SHA256
5acd7a42bf22560918ebd98e512d3cdf63e5d48214ebdf71a94c5bf76bb2860f

SHA512
46ea709846e64d765ff7dd02a12352555cc960f87a2fcabc35703ecabe5f1e2e3f3b74301a30acbea8bc2462186b91ac22c66c5d9443e5e5d51a3829b6d76ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
aaeecfd5ad7f82de497da397045ece98

SHA1
5e2d3638b60f8435e1765908055ca82cac6f5db7

SHA256
471c09236e61695cb22869fdec37071496a687aabadca0a05c3458d011dd675c

SHA512
7e955ecd6e4a70956657200b84c2e6a475e6af3c5c89aaae26422d7fda34154daa5040c3b7aeb06ae3ac4ed6748729c7bb820f406b5dfe328095a9f6ffa1bd89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2de9544825a438a21d003e68f9a2edf

SHA1
788078374045622c49bf849403cfa174920a5af6

SHA256
20aeb5ed0af4ed490247835b5643df3dfa99214a5fd8259fdc7711a521486af4

SHA512
7fa4a0cf28f856fd3261054399207ae4bc7d339492f1570eb5840dda8a71cb19a853c22bfb5217a7589cffae9411d9281d3dd162e30da5745014b30722fc175e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
41ab80157e0f740a5ad99c3d8639d9f0

SHA1
16fc0d7f332c5a01eb91874de6ff46566daf15a2

SHA256
e18b579584c5c6c3f2399c27c56fd15f64e0ff8f0a84672714291abe97c07971

SHA512
6f6f53361c011b70f312db820a7717b7f300906be8ad3d97261f4d60171f1d902e497e986958919378cfef5e63e4c554004e8aee5ee7423743a36c964aed11bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e2902069a0317211e5094f9b769f4b1

SHA1
79b47f892bce5d6fb68f8e928044745d8998390f

SHA256
5df4fc8f2692d4a6e966b49ae1959c40b51098255b2c2cbd43c22bbbf45a0ed4

SHA512
9160f4ecf521249146ca181bbe8eeea2a7cc8d16644bb98c277ca98ce25bbb0a775a884086c3651f1cfbf4de16f8a72a2d3a7f81c52a9ca085988617e1b1663c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6ef07f7111beb8c9fc5c87e690ef3c7

SHA1
e5fe21118e2166e1c68fc15ff65ee79df9e2988a

SHA256
82449f4f770d554d86748784006bf898ccd2ef18ecb6be8e3c03f0523ad6b2e7

SHA512
6cd2973e0b3c8ed7c9ad489bb6cbb4215dab22c9db462ea63a1cb1c4994c1b7216ed1a38fd3cd8d53f9e1f47e7776c98d19f9dca4ce51d440dcdfe2e1c95f044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
288b47ec81cb52a01540534a37c8da4b

SHA1
31b0f4f1016c0335f49e22460ff9c2c51a4b38fa

SHA256
7872ce6b52553faa096831a43b37009eb65f3e468fbc5241381a136839434552

SHA512
bc7e5e16971eac03865710b370d5b859f35b0679e4ea83cc59d29fb4f43649004d02c881113057ead469fc036d56991c8c053dfbcb06823f1e1257c1279aa7b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e9d8ebd44dd01519881139149c2ed06

SHA1
d7195b8409e185f96edcb1f5bf7fb7eb40cdf6a3

SHA256
96a3db942d41b371fa71cc884d5524d49c3e16b6e738694211455bbaa1760714

SHA512
a7683b7b0410be1a484967d2b261573e07dc2a79690300e56f068320c4993ff93a8c29e9e48ec6bf3848504a7e581e8d6a01433f2c162eb61c612941f6a214f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a8ca419de77c1ca26d0f294d91296b7

SHA1
a70db290905aa509fcc3d00d1deff3c738248d36

SHA256
25915d025ca0ab0b6cd1ce7654dd7b5a11005f5aded35749dfbf31d09bf703b3

SHA512
42d8d725f73941f86f82a5f2fe7ac56aa62b93875fd441ab6bb21ab46fc9f945e556f8f7e583e42af4885077c57893aacccd9100f0dacd28faae1caf3421ff88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1a3ef82f1e8f89296e641f46e7ede69c

SHA1
e39752039849a4e0eeeda95aaacd0abf89ce0b16

SHA256
7136ed5e3be9da9bec3c98278703943097b06c9dcd05bdddf5fe0502b31608ab

SHA512
e8c350a5f70bc93a2463ce0768d9a07ea5cd65b3271b918444e6d044d9c8d5db4bfb01b8799865351f3d17a527139728f2f2d223b90c94bc2fb3cd935b10fe7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bb5c.TMP

Filesize
538B

MD5
d5ed06bd6f49448a6689bf1809c98b6f

SHA1
fe49fcb55e224ed837b20ec818917c4079e8d189

SHA256
d6d2e5e35edd932426b4b23bb91aaa0bd230da233bc8ee61cf7db8ddc2c7c340

SHA512
cf113f5d877b499e004f23c84e8e544a09790b8242b311dde3e39e477ad2bd4f91505dacd2478fa10df60b825be677053cc1cbe6a93e6674af1dd4d114ba99f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f04b35098595981fa2ff2c67a999334f

SHA1
37898d908c0d5f89b063be1c14ac0e59058eab0e

SHA256
4a8385f2130c8e2b9c7dc924e0dfb3fbe4fe40fc453124b767343027eebbee6e

SHA512
ac2b2299d85067cd116e31277b043c69a5ea2cc1975904c29cb566ea1ac6e54a8d287d2096989f1d31664bffc635029fb0e957e52bd279e800403897c9a19f82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
d38c1e059a48ac83543e9f944d4376fe

SHA1
2013cb6fca0953b72c4ce101ada305769a39259a

SHA256
6bc49c76b53aa90b18704f4d6127507073616d0a1d7770be2fd38e18c70227a1

SHA512
3ae0c3ef103bf28dcf5375fa685ad38bef143fc384b1a82e98a93e905c30548a6d7a2e1391c4c54e90f87ddc13eb278e89d18420732756e6e0e8bfbb1340a96b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
81eadbfa369a9012f87df9bbdbe3d225

SHA1
dce948202bff4c310fb28960ebd94eafe93b20d3

SHA256
1f3e5692a3d177381ee64799402e34e4d7cf2f344806fcf3ed0b488ea1a45193

SHA512
61bf8f6cfdf2f3ac932168bb43c23c6558fdd4fdc215f5f544fae107ae9312342dd4af0f4a9ff98e0bcb856d01cb89f8cf2f756de87564f78416eb1c72925b85

Download Submit
C:\Windows\SystemTemp\msedge_installer.log

Filesize
73KB

MD5
baa3309361cb3abae97d030c92adf5ed

SHA1
cece30f9e72f4bfaa990b2a1ce3119e21add871f

SHA256
a87692f8b485591006ed66039ecaa924e035067deeff5851412186eef2c844ca

SHA512
03b74304e5c53c2f10126523260ee30e42488aaa98d0cd34e70979776fda33f739970acf8827e2dc96244a78ee948070a3b564b3138338533b32b1b2d8aa745c

Download Submit
C:\Windows\SystemTemp\msedge_installer.log

Filesize
102KB

MD5
61403d734a8683e38f8ab0e8f8e26058

SHA1
41cc90454de81ab96bf59de74f23ddea2cb0346a

SHA256
ed59a67185f09c47401beb06c336e7dfb7d87f0f48fb98e6e645966b7c49cecb

SHA512
5f6b59ef5f5bfc1fc937b92e5b1b6dc03e265e42fbce64b0ca89b4ecaa4fe6a0871a595b94f3e979baf0a147e4e24f895a7bfbe5f0373eebcd88e3429dc8c3d7

Download Submit
C:\Windows\SystemTemp\msedge_installer.log

Filesize
104KB

MD5
af983ac193807c07d6e0bb52c38cdcb0

SHA1
3bb2aed3dfc146f803b6bc20cb9c456b14c691b5

SHA256
2124c5d66e89af24a670bd0a2f55f77be7cc28629df59673bf42b67af81013b0

SHA512
a9aaa85af940fdc3d032ab82ce639e7a8fcef744d97868e2b1f2c8ca55a4dd65b2afa6a470e780d270da7f4e48f8f819e71e0cf82b4e8894ab0c16a40fb8574b

Download Submit
C:\Windows\SystemTemp\msedge_installer.log

Filesize
108KB

MD5
d2d33a396431f9496cac875a8aa1a154

SHA1
0e0e3ffe3f14a1c5c12089a0302b3e5b333836a1

SHA256
1824a0245a0b487f91367d3e9b863f9799400774feab8ee1eba5a071e51fac02

SHA512
347d5c8d5dcd866a7497e3972df7d3f7031a18a32e35eb131549dba359c851bd94314f1528520edbefd1e033febac4357d461888b2b17cc11932e362a0a4fa93

Download Submit