Analysis

  • max time kernel
    499s
  • max time network
    508s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20-01-2023 23:37

General

  • Target

    FortniteLauncher.exe

  • Size

    58.9MB

  • MD5

    fb6b781b897c65227a1a2908493073a2

  • SHA1

    955cb79e8acc3944b1b3b49ce9429dc96e261f0e

  • SHA256

    b7dd1dfe4c77b7dda61d53945e4069a128b07a64916261ca04e776a7d2646c1d

  • SHA512

    156158a05dc80df327414ab9e0fff50f573d3bdb9bf5a28b1e29825dedfaba0d53c262db026e91e2c4fbd23da95f88c17656d59e41174e3c0ea7f9a551e9ca95

  • SSDEEP

    786432:AIXau2b1lTH8gtisALRwejAw/LSqacUOF8YhytBSN80xzbv5o/C6vSUdZA:VXvUtHfssgmepLSqaaSYhyKze/CUpdZA

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 29 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
  • Sets file execution options in registry 2 TTPs 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 7 IoCs
  • Checks SCSI registry key(s) 3 TTPs 31 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FortniteLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\FortniteLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.10&gui=true
      2⤵
      • Adds Run key to start application
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8356e46f8,0x7ff8356e4708,0x7ff8356e4718
        3⤵
          PID:312
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
          3⤵
            PID:5112
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1068
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
            3⤵
              PID:808
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
              3⤵
                PID:4580
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
                3⤵
                  PID:4504
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 /prefetch:8
                  3⤵
                    PID:1928
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
                    3⤵
                      PID:3268
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5348 /prefetch:8
                      3⤵
                        PID:3956
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
                        3⤵
                          PID:4804
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5952 /prefetch:8
                          3⤵
                            PID:728
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6000 /prefetch:8
                            3⤵
                              PID:1060
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                              3⤵
                                PID:4084
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
                                3⤵
                                  PID:4872
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
                                  3⤵
                                    PID:1296
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                    3⤵
                                      PID:3144
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff643d75460,0x7ff643d75470,0x7ff643d75480
                                        4⤵
                                          PID:1972
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:1060
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4912
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3948 /prefetch:8
                                        3⤵
                                          PID:1184
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4124 /prefetch:8
                                          3⤵
                                            PID:2852
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3212 /prefetch:8
                                            3⤵
                                              PID:3140
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1272 /prefetch:2
                                              3⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:4928
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5296 /prefetch:8
                                              3⤵
                                                PID:3404
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
                                                3⤵
                                                  PID:2724
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
                                                  3⤵
                                                    PID:4736
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3812 /prefetch:8
                                                    3⤵
                                                      PID:4216
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3540 /prefetch:8
                                                      3⤵
                                                        PID:1640
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                                                        3⤵
                                                          PID:3092
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
                                                          3⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:1044
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6864 /prefetch:8
                                                          3⤵
                                                            PID:4944
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
                                                            3⤵
                                                              PID:960
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
                                                              3⤵
                                                                PID:3360
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1072 /prefetch:1
                                                                3⤵
                                                                  PID:1868
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3572 /prefetch:8
                                                                  3⤵
                                                                    PID:1748
                                                                  • C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.13-win-x64.exe
                                                                    "C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.13-win-x64.exe"
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    PID:1044
                                                                    • C:\Windows\Temp\{44A84C12-F219-4907-B580-E6A01D4EDDCE}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe
                                                                      "C:\Windows\Temp\{44A84C12-F219-4907-B580-E6A01D4EDDCE}\.cr\windowsdesktop-runtime-6.0.13-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-6.0.13-win-x64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=568
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Checks computer location settings
                                                                      • Loads dropped DLL
                                                                      PID:3516
                                                                      • C:\Windows\Temp\{CDB06F7C-DFC2-4A82-BE69-7A3A9B52F9EB}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe
                                                                        "C:\Windows\Temp\{CDB06F7C-DFC2-4A82-BE69-7A3A9B52F9EB}\.be\windowsdesktop-runtime-6.0.13-win-x64.exe" -q -burn.elevated BurnPipe.{51FEFE74-FD9D-469D-A578-255ECACD59A6} {67E8B175-A0D2-4702-A28E-16DF73CE4C94} 3516
                                                                        5⤵
                                                                        • Executes dropped EXE
                                                                        • Adds Run key to start application
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:3056
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6960 /prefetch:8
                                                                    3⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:1972
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6456 /prefetch:8
                                                                    3⤵
                                                                      PID:3176
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3776 /prefetch:8
                                                                      3⤵
                                                                        PID:1104
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2144,12541268314167657530,13424225195116016718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4664 /prefetch:8
                                                                        3⤵
                                                                          PID:2564
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:4212
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
                                                                        1⤵
                                                                          PID:572
                                                                          • C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir572_255400487\msedgerecovery.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir572_255400487\msedgerecovery.exe" --appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} --browser-version=92.0.902.67 --sessionid={32f2a93c-6284-4030-a79c-6a934caae2b9} --system
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            PID:2580
                                                                            • C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir572_255400487\MicrosoftEdgeUpdateSetup.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir572_255400487\MicrosoftEdgeUpdateSetup.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent
                                                                              3⤵
                                                                              • Executes dropped EXE
                                                                              • Drops file in Program Files directory
                                                                              PID:4388
                                                                              • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\MicrosoftEdgeUpdate.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent
                                                                                4⤵
                                                                                • Executes dropped EXE
                                                                                • Sets file execution options in registry
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:1296
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Modifies registry class
                                                                                  PID:3432
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Modifies registry class
                                                                                  PID:2140
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                    6⤵
                                                                                    • Executes dropped EXE
                                                                                    • Registers COM server for autorun
                                                                                    • Loads dropped DLL
                                                                                    • Modifies registry class
                                                                                    PID:2468
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                    6⤵
                                                                                    • Executes dropped EXE
                                                                                    • Registers COM server for autorun
                                                                                    • Loads dropped DLL
                                                                                    • Modifies registry class
                                                                                    PID:2268
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                    6⤵
                                                                                    • Executes dropped EXE
                                                                                    • Registers COM server for autorun
                                                                                    • Loads dropped DLL
                                                                                    • Modifies registry class
                                                                                    PID:3476
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  PID:1556
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /machine /installsource chromerecovery
                                                                              3⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:2648
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Modifies data under HKEY_USERS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:4408
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            PID:756
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9EEE24D2-A1A4-4AA1-8E91-FC2E1DFA5BCF}\MicrosoftEdgeUpdateSetup_X86_1.3.171.39.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9EEE24D2-A1A4-4AA1-8E91-FC2E1DFA5BCF}\MicrosoftEdgeUpdateSetup_X86_1.3.171.39.exe" /update /sessionid "{B00FF757-842E-4BB9-AD7A-AE89818BD75D}"
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Drops file in Program Files directory
                                                                            PID:3704
                                                                            • C:\Program Files (x86)\Microsoft\Temp\EUFC0E.tmp\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\Temp\EUFC0E.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{B00FF757-842E-4BB9-AD7A-AE89818BD75D}"
                                                                              3⤵
                                                                              • Executes dropped EXE
                                                                              • Sets file execution options in registry
                                                                              • Loads dropped DLL
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:4900
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                4⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Modifies registry class
                                                                                PID:2348
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                4⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Modifies registry class
                                                                                PID:2288
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • Registers COM server for autorun
                                                                                  • Loads dropped DLL
                                                                                  • Modifies registry class
                                                                                  PID:3848
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • Registers COM server for autorun
                                                                                  • Loads dropped DLL
                                                                                  • Modifies registry class
                                                                                  PID:668
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                  5⤵
                                                                                  • Executes dropped EXE
                                                                                  • Registers COM server for autorun
                                                                                  • Loads dropped DLL
                                                                                  • Modifies registry class
                                                                                  PID:1780
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                4⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                PID:1124
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            PID:2236
                                                                        • C:\Windows\system32\AUDIODG.EXE
                                                                          C:\Windows\system32\AUDIODG.EXE 0x424 0x410
                                                                          1⤵
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:1512
                                                                        • C:\Windows\System32\rundll32.exe
                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                          1⤵
                                                                            PID:1816
                                                                          • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                            "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                            1⤵
                                                                              PID:668
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.10&gui=true
                                                                                2⤵
                                                                                  PID:2796
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8356e46f8,0x7ff8356e4708,0x7ff8356e4718
                                                                                    3⤵
                                                                                      PID:4592
                                                                                • C:\Windows\system32\msiexec.exe
                                                                                  C:\Windows\system32\msiexec.exe /V
                                                                                  1⤵
                                                                                  • Enumerates connected drives
                                                                                  • Drops file in Program Files directory
                                                                                  • Drops file in Windows directory
                                                                                  • Modifies data under HKEY_USERS
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:4560
                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding EC8D53AF2B4180763B57C4269B499627
                                                                                    2⤵
                                                                                    • Loads dropped DLL
                                                                                    PID:3156
                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding C887AA1F3E26C8E954AC3CC1F4E05CC8
                                                                                    2⤵
                                                                                    • Loads dropped DLL
                                                                                    PID:4000
                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding 81ECF7F852ED5F09EE4EC8BAE70EABF7
                                                                                    2⤵
                                                                                    • Loads dropped DLL
                                                                                    PID:4904
                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding C7664E7996807AE306B44A3AC71FA6FE
                                                                                    2⤵
                                                                                    • Loads dropped DLL
                                                                                    PID:4736
                                                                                • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                                  "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                                  1⤵
                                                                                  • Loads dropped DLL
                                                                                  • Checks SCSI registry key(s)
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:3924
                                                                                  • C:\Windows\system32\WerFault.exe
                                                                                    C:\Windows\system32\WerFault.exe -u -p 3924 -s 2052
                                                                                    2⤵
                                                                                    • Loads dropped DLL
                                                                                    • Program crash
                                                                                    PID:932
                                                                                • C:\Windows\system32\WerFault.exe
                                                                                  C:\Windows\system32\WerFault.exe -pss -s 444 -p 3924 -ip 3924
                                                                                  1⤵
                                                                                    PID:2868
                                                                                  • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                                    "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                                    1⤵
                                                                                    • Checks SCSI registry key(s)
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    PID:1800
                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                      C:\Windows\system32\WerFault.exe -u -p 1800 -s 2056
                                                                                      2⤵
                                                                                      • Program crash
                                                                                      PID:4384
                                                                                  • C:\Windows\system32\WerFault.exe
                                                                                    C:\Windows\system32\WerFault.exe -pss -s 440 -p 1800 -ip 1800
                                                                                    1⤵
                                                                                      PID:3776
                                                                                    • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                                      "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                                      1⤵
                                                                                      • Checks SCSI registry key(s)
                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                      PID:4156
                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                        C:\Windows\system32\WerFault.exe -u -p 4156 -s 2012
                                                                                        2⤵
                                                                                        • Program crash
                                                                                        PID:5068
                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                      C:\Windows\system32\WerFault.exe -pss -s 556 -p 4156 -ip 4156
                                                                                      1⤵
                                                                                        PID:3580
                                                                                      • C:\Windows\system32\taskmgr.exe
                                                                                        "C:\Windows\system32\taskmgr.exe" /4
                                                                                        1⤵
                                                                                        • Checks SCSI registry key(s)
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                        • Suspicious use of SendNotifyMessage
                                                                                        PID:2852
                                                                                      • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                                        "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                                        1⤵
                                                                                        • Checks SCSI registry key(s)
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:4980
                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                          C:\Windows\system32\WerFault.exe -u -p 4980 -s 2064
                                                                                          2⤵
                                                                                          • Program crash
                                                                                          PID:3652
                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                        C:\Windows\system32\WerFault.exe -pss -s 568 -p 4980 -ip 4980
                                                                                        1⤵
                                                                                          PID:2192
                                                                                        • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                                          "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                                          1⤵
                                                                                          • Checks SCSI registry key(s)
                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                          PID:4024
                                                                                          • C:\Windows\system32\WerFault.exe
                                                                                            C:\Windows\system32\WerFault.exe -u -p 4024 -s 2004
                                                                                            2⤵
                                                                                            • Program crash
                                                                                            PID:1800
                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                          C:\Windows\system32\WerFault.exe -pss -s 552 -p 4024 -ip 4024
                                                                                          1⤵
                                                                                            PID:668
                                                                                          • C:\Windows\system32\control.exe
                                                                                            "C:\Windows\system32\control.exe" SYSTEM
                                                                                            1⤵
                                                                                              PID:4580
                                                                                            • C:\Windows\SysWOW64\DllHost.exe
                                                                                              C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                              1⤵
                                                                                                PID:4148
                                                                                              • C:\Windows\explorer.exe
                                                                                                C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                                                                                                1⤵
                                                                                                • Checks processor information in registry
                                                                                                • Modifies Internet Explorer settings
                                                                                                • Suspicious behavior: AddClipboardFormatListener
                                                                                                PID:3288
                                                                                              • C:\Windows\system32\pcwrun.exe
                                                                                                C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe" ContextMenu
                                                                                                1⤵
                                                                                                  PID:1572
                                                                                                  • C:\Windows\System32\msdt.exe
                                                                                                    C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW29C2.xml /skip TRUE
                                                                                                    2⤵
                                                                                                      PID:4692
                                                                                                  • C:\Windows\System32\sdiagnhost.exe
                                                                                                    C:\Windows\System32\sdiagnhost.exe -Embedding
                                                                                                    1⤵
                                                                                                      PID:2384
                                                                                                      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vsw5arfp\vsw5arfp.cmdline"
                                                                                                        2⤵
                                                                                                          PID:1368
                                                                                                          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                            C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES327C.tmp" "c:\Users\Admin\AppData\Local\Temp\vsw5arfp\CSC62F6D4CCD6604B3697EFA622EA74ADAB.TMP"
                                                                                                            3⤵
                                                                                                              PID:2448
                                                                                                          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                            "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hh3jtqif\hh3jtqif.cmdline"
                                                                                                            2⤵
                                                                                                              PID:4984
                                                                                                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3338.tmp" "c:\Users\Admin\AppData\Local\Temp\hh3jtqif\CSC6A42BE24C1214EAA8AE12C2D527A651.TMP"
                                                                                                                3⤵
                                                                                                                  PID:2540
                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                              C:\Windows\system32\svchost.exe -k SDRSVC
                                                                                                              1⤵
                                                                                                                PID:2600
                                                                                                              • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                                                                "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                                                                1⤵
                                                                                                                  PID:3856
                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                                  1⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:1652
                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                  1⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Modifies data under HKEY_USERS
                                                                                                                  PID:3156
                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F092F3C3-1199-4C28-8166-F0D024212D96}\MicrosoftEdge_X64_109.0.1518.52.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F092F3C3-1199-4C28-8166-F0D024212D96}\MicrosoftEdge_X64_109.0.1518.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                    2⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    PID:3168
                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F092F3C3-1199-4C28-8166-F0D024212D96}\EDGEMITMP_31910.tmp\setup.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F092F3C3-1199-4C28-8166-F0D024212D96}\EDGEMITMP_31910.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F092F3C3-1199-4C28-8166-F0D024212D96}\MicrosoftEdge_X64_109.0.1518.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                      3⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Adds Run key to start application
                                                                                                                      • Drops file in Program Files directory
                                                                                                                      • Modifies data under HKEY_USERS
                                                                                                                      PID:3924
                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted]
                                                                                                                    2⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    PID:1020
                                                                                                                • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                                                                  "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                                                                  1⤵
                                                                                                                    PID:2140
                                                                                                                  • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                                                                    "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                                                                    1⤵
                                                                                                                    • Checks SCSI registry key(s)
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:4772
                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                      C:\Windows\system32\WerFault.exe -u -p 4772 -s 2080
                                                                                                                      2⤵
                                                                                                                      • Program crash
                                                                                                                      PID:4676
                                                                                                                  • C:\Windows\system32\WerFault.exe
                                                                                                                    C:\Windows\system32\WerFault.exe -pss -s 496 -p 4772 -ip 4772
                                                                                                                    1⤵
                                                                                                                      PID:1812
                                                                                                                    • C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe
                                                                                                                      "C:\Users\Admin\Desktop\bacano\FortniteLauncher.exe"
                                                                                                                      1⤵
                                                                                                                      • Checks SCSI registry key(s)
                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                      PID:1928
                                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                                        C:\Windows\system32\WerFault.exe -u -p 1928 -s 2076
                                                                                                                        2⤵
                                                                                                                        • Program crash
                                                                                                                        PID:4964
                                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                                      C:\Windows\system32\WerFault.exe -pss -s 488 -p 1928 -ip 1928
                                                                                                                      1⤵
                                                                                                                        PID:3676

                                                                                                                      Network

                                                                                                                      MITRE ATT&CK Matrix (ATT&CK v6)

                                                                                                                      Persistence
                                                                                                                      • T1060 Registry Run Keys / Startup Folder (3)

                                                                                                                      Defense Evasion
                                                                                                                      • T1112 Modify Registry (3)

                                                                                                                      Discovery
                                                                                                                      • T1012 Query Registry (6)
                                                                                                                      • T1082 System Information Discovery (6)
                                                                                                                      • T1120 Peripheral Device Discovery (2)

                                                                                                                      Downloads

                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir572_255400487\MicrosoftEdgeUpdateSetup.exe
                                                                                                                        Filesize

                                                                                                                        1.5MB

                                                                                                                        MD5

                                                                                                                        f70962a7883fefe8defa224c1ffdadfa

                                                                                                                        SHA1

                                                                                                                        efd06b7c1b5ead8cec2cd029a8d8ccb0c46ee2da

                                                                                                                        SHA256

                                                                                                                        3e726854ff0a0046de458afc2cd58cfc37430b4c7969395111398f47d8f63bb4

                                                                                                                        SHA512

                                                                                                                        678c10874e6089acde5c57cdc64e11a76cbc9b3e7c882f9c1eaa619f897675c8f145e4be4825d8197edb2e645035a0953c3ed5a34da3e84d013fea5599699761

                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir572_255400487\msedgerecovery.exe
                                                                                                                        Filesize

                                                                                                                        1.1MB

                                                                                                                        MD5

                                                                                                                        3b2bd3e2b22afa49576723c819a1185b

                                                                                                                        SHA1

                                                                                                                        41a1590e22600c717acd9e376b9020b3021dada6

                                                                                                                        SHA256

                                                                                                                        b2900c435244e948491cfab330b570b4326d1879c5c2be2aa35ce8bd49446d05

                                                                                                                        SHA512

                                                                                                                        a411b00da74a6c90d0a60a0d9a024a430c2c7483416dc95634bd62c5c29b9c9d1fd3310911f2da85df66aac08e9026df4aad00c083781ca22802b0236652d1d5

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\EdgeUpdate.dat
                                                                                                                        Filesize

                                                                                                                        12KB

                                                                                                                        MD5

                                                                                                                        369bbc37cff290adb8963dc5e518b9b8

                                                                                                                        SHA1

                                                                                                                        de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                                                                                        SHA256

                                                                                                                        3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                                                                                        SHA512

                                                                                                                        4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                                                                                        Filesize

                                                                                                                        172KB

                                                                                                                        MD5

                                                                                                                        b462ad181104b32ec56a6a1e1aa25622

                                                                                                                        SHA1

                                                                                                                        c26dbc70359be470fb63d50e12528e473749d9f7

                                                                                                                        SHA256

                                                                                                                        5b95e7e42a2df4c8cb8a1dfc9e71f81831ffc128408ad1a37f83ab76dcdf1afb

                                                                                                                        SHA512

                                                                                                                        5f6b37f4e88b617ca68762706423e38da4eccb820e82635eda3ed269efeb92ae3285e0b1285978f35dd8df004c801ebbca2f7c061ae055070bdbcba88c474e70

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                        Filesize

                                                                                                                        200KB

                                                                                                                        MD5

                                                                                                                        7bcf03ae20f6b4aab6efda45f6a0fa01

                                                                                                                        SHA1

                                                                                                                        6f1a63a994568c7cac224c6f44d41d19fe24a2e4

                                                                                                                        SHA256

                                                                                                                        23387b13f6386a095ae8f178c261f6565e5828fd7e67ef0cbb10e07224149ba6

                                                                                                                        SHA512

                                                                                                                        615d130b2f87d3f2ec125cc97391c6b318359a78f0135f10d0ffd5085062cde39935823865f139d767f9d7992dfa926358442369ab424fbe1d54b2c915992c4b

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                        Filesize

                                                                                                                        200KB

                                                                                                                        MD5

                                                                                                                        7bcf03ae20f6b4aab6efda45f6a0fa01

                                                                                                                        SHA1

                                                                                                                        6f1a63a994568c7cac224c6f44d41d19fe24a2e4

                                                                                                                        SHA256

                                                                                                                        23387b13f6386a095ae8f178c261f6565e5828fd7e67ef0cbb10e07224149ba6

                                                                                                                        SHA512

                                                                                                                        615d130b2f87d3f2ec125cc97391c6b318359a78f0135f10d0ffd5085062cde39935823865f139d767f9d7992dfa926358442369ab424fbe1d54b2c915992c4b

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                        Filesize

                                                                                                                        205KB

                                                                                                                        MD5

                                                                                                                        fccf8ebd72efacc9566b7849d59512aa

                                                                                                                        SHA1

                                                                                                                        2d0cc03e7912578d1c0a01e1d338290a0d1c157e

                                                                                                                        SHA256

                                                                                                                        a6a3b7b77ec3fcbdd07b516457fcc7368282ed84e04792316d2ceeeb3b6c84fb

                                                                                                                        SHA512

                                                                                                                        6e0b2e27ae19c3100b789b8b22eb307072a902878d92cea426ac02c07c8338934b49c57012a858e01816617ec6c41ef39b7a390e63c8975e56c4504faa8b6b3a

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\MicrosoftEdgeUpdateCore.exe
                                                                                                                        Filesize

                                                                                                                        250KB

                                                                                                                        MD5

                                                                                                                        524a95f05f4c0def70fa61a5f0717e9c

                                                                                                                        SHA1

                                                                                                                        6ee3b87e60e865d21bc1b5e434fea12fe262c315

                                                                                                                        SHA256

                                                                                                                        e17a7d9e0dcb1a3d6a21009f8d9b41fe1986312d79ffc6728c6c3f500dd6434f

                                                                                                                        SHA512

                                                                                                                        cc5e21ce182489416c906fb3f16e808554b739908916682cef6afe11a748b02382bfb93d1359cdc0794c2fb4b6f3cb9d9c677215a904be79d4b1df573de99089

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\NOTICE.TXT
                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        MD5

                                                                                                                        6dd5bf0743f2366a0bdd37e302783bcd

                                                                                                                        SHA1

                                                                                                                        e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                                                                                        SHA256

                                                                                                                        91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                                                                                        SHA512

                                                                                                                        f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdate.dll
                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                        MD5

                                                                                                                        5f4cdf4268be23a984ee0b2feaad3dd3

                                                                                                                        SHA1

                                                                                                                        cc5aabfc567971d7d2b7a0a206925a59de79dad5

                                                                                                                        SHA256

                                                                                                                        bb92222715061ddc89332668248c696348b953a0251893ec7d36597099308d92

                                                                                                                        SHA512

                                                                                                                        41803d549742f3b22521d6b645adfafdc477c3fc315a88056b111d54cb0ba677db4a8162b793a19619f672b3580736d939367649d3729c129ef871b55900f0cd

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdate.dll
                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                        MD5

                                                                                                                        5f4cdf4268be23a984ee0b2feaad3dd3

                                                                                                                        SHA1

                                                                                                                        cc5aabfc567971d7d2b7a0a206925a59de79dad5

                                                                                                                        SHA256

                                                                                                                        bb92222715061ddc89332668248c696348b953a0251893ec7d36597099308d92

                                                                                                                        SHA512

                                                                                                                        41803d549742f3b22521d6b645adfafdc477c3fc315a88056b111d54cb0ba677db4a8162b793a19619f672b3580736d939367649d3729c129ef871b55900f0cd

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_af.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                        MD5

                                                                                                                        c7872f08802f693ed9fc16ea960789f6

                                                                                                                        SHA1

                                                                                                                        b0b8e4dfbe1dc76e4903216948374e1356d33e53

                                                                                                                        SHA256

                                                                                                                        de5d1223ffd38be89cd576b0de036760f8a84c231eb97f1d7f74dfcf4b41fb19

                                                                                                                        SHA512

                                                                                                                        339520bea363a1ea34e75755c70f4b1f6a189e7084ca9d5c6189d769965ae1fd0b093b948dffe3d256dd82591bdb2b3627ed20e747a2505377babc34eb94a0e6

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_am.dll
                                                                                                                        Filesize

                                                                                                                        24KB

                                                                                                                        MD5

                                                                                                                        6dee4281b2d0dc43c8eac5afde5dc5b2

                                                                                                                        SHA1

                                                                                                                        35584539f94fa4a91229b8d810f1d5c0207d9ef8

                                                                                                                        SHA256

                                                                                                                        b0fc60e07fa8fcfa0a174f1f5fc3a303d5498669eba846d51731494e9f86e46e

                                                                                                                        SHA512

                                                                                                                        de6a54e08c1a7c2a77a26f9de11a8e25b30f3d275fd4b72fb068ec3a5c0fd2072cc02a33b4581ba0dd565963bb834c5da831013d9ffb4386d0fc59935c184079

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_ar.dll
                                                                                                                        Filesize

                                                                                                                        26KB

                                                                                                                        MD5

                                                                                                                        c5e0d596829abbf221a7e2fcc3f37059

                                                                                                                        SHA1

                                                                                                                        2a55fc6e9110d0bc5d735bd98e56241e416dd5eb

                                                                                                                        SHA256

                                                                                                                        9e3a04823e12f15954f1082ec019e29e1821d03db69fbaf9c906be28c8cf4fcf

                                                                                                                        SHA512

                                                                                                                        518a004482c590d87e104be80dcb12455379ac855a53bdfb94023041fac16e4806e4c78f28716f179031d62b21912cdf4be8b43b2a13747acc8e9a745dd6333b

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_as.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                        MD5

                                                                                                                        f344ea79294c175a3233be3c7bd4f7ab

                                                                                                                        SHA1

                                                                                                                        42f4d616f0b48828b629ffb384249edc76fea3a9

                                                                                                                        SHA256

                                                                                                                        36551c9271d084f31facbd342a0a0b5e530a2070e7de34c42ef2987633134b99

                                                                                                                        SHA512

                                                                                                                        dac1c65916fbca857dc8b5a0a3ef9c6abd5090e2c99ada98809d6cf04d09d4b9d63256e4a57754960476896ea46027cfb06bbb3ae68df573b207ca267d4efe94

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_az.dll
                                                                                                                        Filesize

                                                                                                                        29KB

                                                                                                                        MD5

                                                                                                                        34c97ccc6da86fa0fc6aca8102115683

                                                                                                                        SHA1

                                                                                                                        23c30d6f41bbfccb40d5209d70999384f3d59893

                                                                                                                        SHA256

                                                                                                                        205be42f8590a17ce1a0da594c818f84ef8cc19f8f54cd74acd16ddf7df11684

                                                                                                                        SHA512

                                                                                                                        7100e92fd948b75f7d134e813a836ce9691e6994f989b6d53255b17e3fca5be55cf69c50ef01e625a8f85a764bfafcf49bc5f82d229bf44168bf89b953c1642c

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_bg.dll
                                                                                                                        Filesize

                                                                                                                        29KB

                                                                                                                        MD5

                                                                                                                        83976f605267f63c512741c90085ef37

                                                                                                                        SHA1

                                                                                                                        e1907443ecf114b1b2d4b5fb622ca6fcba0d6b2c

                                                                                                                        SHA256

                                                                                                                        8e7bc240557c0f4058fb3380d01584eb5b9ad69ac5fd2f7a56bf2293dafd6069

                                                                                                                        SHA512

                                                                                                                        d5713af38add972fc04c1b1b7aca033532c50c31e8d1e3c0e889d69c94ff2d2ecdec95edabf4717a4bc649f2d68a5b1a77dac0355bf493eefe2cf86b7b53ba84

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_bn-IN.dll
                                                                                                                        Filesize

                                                                                                                        29KB

                                                                                                                        MD5

                                                                                                                        055acbbed4580bb0c2b15ad8407f34c5

                                                                                                                        SHA1

                                                                                                                        cf7c3539d97090b33ea5cb7d4880dd1b28c259f3

                                                                                                                        SHA256

                                                                                                                        edb350193ce5ee7984cd11d446ee5848879e6447b08a6e9353a8310a1574bce7

                                                                                                                        SHA512

                                                                                                                        11e9e78b28e868781b355de473c157f4fbf1b8f30e3cae6f19aa895a456e7876827ff859ee4bc65215b73ed27eac67c139a1cfc887adee0f7fa1c2c446962311

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_bn.dll
                                                                                                                        Filesize

                                                                                                                        29KB

                                                                                                                        MD5

                                                                                                                        89d1459c67621ae933ea973c36c86830

                                                                                                                        SHA1

                                                                                                                        7793109fad9c7d6e267046be6f188262d6655736

                                                                                                                        SHA256

                                                                                                                        faa59f14007729085711f504f3580b5d1f289d9d6b8a57ecaa6b7980d9b3b9e8

                                                                                                                        SHA512

                                                                                                                        95e333c1d28ba10df6e95e7bcf80fd1cd3fb7e32aa72b1749a4983c762fa227915d49547c5be114a471072d21a5f9c87c24bd6f45e8a711cbecc1074a3cefd7b

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_bs.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                        MD5

                                                                                                                        a2ae01f60764eb9717c2e843bdd40c43

                                                                                                                        SHA1

                                                                                                                        f611b0f880d1dc52a5ff996b5106c8c0bdd7cf68

                                                                                                                        SHA256

                                                                                                                        9542302df51fad8c1095f6068378608b8edc89a633b30d26cae0e0fcb4515da3

                                                                                                                        SHA512

                                                                                                                        e12d3634bd8738865ea210775d78e53c5a30e74dca39655882c2464d1f9a1ac4a96a7608e57a92ff3b7b6a77750ab24ff12df59e5006b18c1f83cc270760bad5

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                                                                                                        Filesize

                                                                                                                        29KB

                                                                                                                        MD5

                                                                                                                        97fe80b8bc29698d3dd3912878d8a785

                                                                                                                        SHA1

                                                                                                                        580f290f32bf083f9485e06165fcc751ae181be0

                                                                                                                        SHA256

                                                                                                                        c382b8fe1abc83ebe97e66a3d4737ab66a7210a59fc0d18f9fc8b6735771b247

                                                                                                                        SHA512

                                                                                                                        08f56d8759721b0241d60a532e9634bc98aebcb7e7c251630adc1c93d28d40158a6f3bafc32f19cf9aa27ad5ba6e42f58bc2c8361e1ff97aa2ddf05c0147d248

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_ca.dll
                                                                                                                        Filesize

                                                                                                                        30KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_cs.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_cy.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_da.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_de.dll
                                                                                                                        Filesize

                                                                                                                        30KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_el.dll
                                                                                                                        Filesize

                                                                                                                        30KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_en-GB.dll
                                                                                                                        Filesize

                                                                                                                        27KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_en.dll
                                                                                                                        Filesize

                                                                                                                        27KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_es-419.dll
                                                                                                                        Filesize

                                                                                                                        29KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_es.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_et.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_eu.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_fa.dll
                                                                                                                        Filesize

                                                                                                                        27KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_fi.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_fil.dll
                                                                                                                        Filesize

                                                                                                                        29KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_fr-CA.dll
                                                                                                                        Filesize

                                                                                                                        30KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_fr.dll
                                                                                                                        Filesize

                                                                                                                        30KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_ga.dll
                                                                                                                        Filesize

                                                                                                                        28KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_gd.dll
                                                                                                                        Filesize

                                                                                                                        30KB

                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_gl.dll
                                                                                                                        Filesize

                                                                                                                        28KB


                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU7E72.tmp\msedgeupdateres_gu.dll
                                                                                                                        Filesize

                                                                                                                        28KB


                                                                                                                      • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                                                                        Filesize

                                                                                                                        117KB


                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved\1.3.169.31\recovery-component-inner.crx
                                                                                                                        Filesize

                                                                                                                        1.9MB


                                                                                                                      • \??\pipe\LOCAL\crashpad_2776_DZWOOTWVOIFPHTEI
