Analysis

  • max time kernel
    1799s
  • max time network
    1796s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240426-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    30-04-2024 00:37

General

  • Target

    sigmahacks0.2.exe

  • Size

    6.9MB

  • MD5

    10bbd38c21ebf84fea97c3812d57d9c6

  • SHA1

    293cec0d7f44151ffbf88dfe408265825f8bca9b

  • SHA256

    83c4e5947870b7b9f06044624b420ddc9fbae6898a5c9b4420c3dbeaca508bb9

  • SHA512

    a00ec8ed84b806c4aca8564354a6687da64b999d255df7fea4c38e6026c8a4cee665414e96d5e28904d051f4c1a6956193a96c12e52286d6d7f58f39bae8ac31

  • SSDEEP

    196608:ESw7sghUuE1R1R9iVTdRUo/Rf7KG0ZLK+4eCA6Pt7R:PwDh10RsFzUURTclC5t7

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
  • Sets file execution options in registry 2 TTPs 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 41 IoCs
  • Loads dropped DLL 57 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Checks system information in the registry 2 TTPs 30 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 21 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe
    "C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4636
    • C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\test.exe
      "C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3360
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c title Incognito v1.0.0b - public
        3⤵
        PID:2376
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcd86ab58,0x7ffdcd86ab68,0x7ffdcd86ab78
      2⤵
      PID:5100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:2
      2⤵
      PID:2292
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:2312
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:5004
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:1
      2⤵
      PID:4328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:1
      2⤵
      PID:744
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:1
      2⤵
      PID:2172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:2000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:2628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:3256
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:3100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4232 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:1
      2⤵
      PID:3484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4944 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:1
      2⤵
      PID:4084
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=244 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:1
      2⤵
      PID:3668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:1136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2656 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:2464
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4000 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:5048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:2200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2656 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:4608
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3340 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:8
      2⤵
      PID:2336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4512 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:1
      2⤵
      PID:4932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4532 --field-trial-handle=1952,i,6923195523476271322,11928001768426819919,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1748
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:2228
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3332
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffde51546f8,0x7ffde5154708,0x7ffde5154718
      2⤵
      PID:3780
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
      2⤵
      PID:4480
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:744
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
      2⤵
      PID:4796
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
      2⤵
      PID:4424
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
      2⤵
      PID:3628
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
      2⤵
      PID:4036
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
      2⤵
      PID:3512
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
      2⤵
      PID:1020
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1540
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
      2⤵
      PID:1756
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
      2⤵
      PID:940
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
      2⤵
      PID:3928
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
      2⤵
      PID:4204
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
      2⤵
      PID:5052
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5656 /prefetch:8
      2⤵
      PID:2428
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5648 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3436
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
      2⤵
      PID:1200
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
      2⤵
      PID:2532
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
      2⤵
      PID:4464
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
      2⤵
      PID:4728
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4676 /prefetch:8
      2⤵
      PID:4820
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                                                                            2⤵
                                                                                              PID:872
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6600 /prefetch:8
                                                                                              2⤵
                                                                                                PID:3156
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:5244
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
                                                                                                  2⤵
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  PID:5332
                                                                                                • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                                                  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                                                  2⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Checks whether UAC is enabled
                                                                                                  • Drops file in Program Files directory
                                                                                                  • Modifies Internet Explorer settings
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  PID:5444
                                                                                                  • C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                                                    MicrosoftEdgeWebview2Setup.exe /silent /install
                                                                                                    3⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Drops file in Program Files directory
                                                                                                    PID:3156
                                                                                                    • C:\Program Files (x86)\Microsoft\Temp\EUD34C.tmp\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Temp\EUD34C.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                                                      4⤵
                                                                                                      • Sets file execution options in registry
                                                                                                      • Checks computer location settings
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:5416
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                        5⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Modifies registry class
                                                                                                        PID:4948
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                        5⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Modifies registry class
                                                                                                        PID:2908
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                          6⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Registers COM server for autorun
                                                                                                          • Modifies registry class
                                                                                                          PID:5536
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                          6⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Registers COM server for autorun
                                                                                                          • Modifies registry class
                                                                                                          PID:5532
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                          6⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Registers COM server for autorun
                                                                                                          • Modifies registry class
                                                                                                          PID:5632
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Q0ExNDYyNDQtRThFNC00MjNELUIxNzgtMUNBNjQwNjRGMkE3fSIgdXNlcmlkPSJ7OTk4RDdCMUQtOERFRS00Qzk4LUIwNjMtRDQwRDZENTFFOTY4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCMUQ1ODM1Ny00NDM0LTQ4MjYtQTY2RC05N0IwRUE3RjM3N0R9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1MTIxOTAzMTMiIGluc3RhbGxfdGltZV9tcz0iNDI4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                        5⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Checks system information in the registry
                                                                                                        PID:3816
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{CA146244-E8E4-423D-B178-1CA64064F2A7}" /silent
                                                                                                        5⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        PID:4060
                                                                                                  • C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe
                                                                                                    "C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe" -app -isInstallerLaunch
                                                                                                    3⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    • Suspicious use of UnmapMainImage
                                                                                                    PID:3580
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7211044165479943246,17012206391444519398,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
                                                                                                  2⤵
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  PID:2184
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:3836
                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                  1⤵
                                                                                                    PID:964
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Checks system information in the registry
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    PID:5688
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Q0ExNDYyNDQtRThFNC00MjNELUIxNzgtMUNBNjQwNjRGMkE3fSIgdXNlcmlkPSJ7OTk4RDdCMUQtOERFRS00Qzk4LUIwNjMtRDQwRDZENTFFOTY4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1QTlBNUVFMy0xMDczLTQ0QjktQjk2NC1FNkY0RDczMjE0NUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1MTc0MjAzNDIiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:5736
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E800B720-1DD7-41D9-8210-F55EA8D4BABF}\MicrosoftEdge_X64_124.0.2478.67.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E800B720-1DD7-41D9-8210-F55EA8D4BABF}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Drops file in Program Files directory
                                                                                                      PID:5212
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E800B720-1DD7-41D9-8210-F55EA8D4BABF}\EDGEMITMP_ECBB9.tmp\setup.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E800B720-1DD7-41D9-8210-F55EA8D4BABF}\EDGEMITMP_ECBB9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E800B720-1DD7-41D9-8210-F55EA8D4BABF}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                        3⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Drops file in Program Files directory
                                                                                                        PID:592
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E800B720-1DD7-41D9-8210-F55EA8D4BABF}\EDGEMITMP_ECBB9.tmp\setup.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E800B720-1DD7-41D9-8210-F55EA8D4BABF}\EDGEMITMP_ECBB9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E800B720-1DD7-41D9-8210-F55EA8D4BABF}\EDGEMITMP_ECBB9.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff60dca88c0,0x7ff60dca88cc,0x7ff60dca88d8
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Drops file in Program Files directory
                                                                                                          PID:1176
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Q0ExNDYyNDQtRThFNC00MjNELUIxNzgtMUNBNjQwNjRGMkE3fSIgdXNlcmlkPSJ7OTk4RDdCMUQtOERFRS00Qzk4LUIwNjMtRDQwRDZENTFFOTY4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntENDM2RjZENy1CMkFGLTQ2MEMtQjVDQi0yM0VGRjVBNEJENzJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI0LjAuMjQ3OC42NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-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-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
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:4496
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Checks system information in the registry
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:2620
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Checks system information in the registry
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:3532
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{13BDB523-8CED-4B58-9A51-4DF5F382208F}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{13BDB523-8CED-4B58-9A51-4DF5F382208F}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{241849AA-F470-47B7-96DD-2BEA9BD10210}"
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:1608
                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU2912.tmp\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Temp\EU2912.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{241849AA-F470-47B7-96DD-2BEA9BD10210}"
                                                                                                        3⤵
                                                                                                        • Sets file execution options in registry
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Checks system information in the registry
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        PID:2696
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Modifies registry class
                                                                                                          PID:4412
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Modifies registry class
                                                                                                          PID:4724
                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                            5⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Loads dropped DLL
                                                                                                            • Registers COM server for autorun
                                                                                                            • Modifies registry class
                                                                                                            PID:5020
                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                            5⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Loads dropped DLL
                                                                                                            • Registers COM server for autorun
                                                                                                            • Modifies registry class
                                                                                                            PID:2388
                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                            5⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Loads dropped DLL
                                                                                                            • Registers COM server for autorun
                                                                                                            • Modifies registry class
                                                                                                            PID:5700
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMyIgaW5zdGFsbGRhdGV0aW1lPSIxNzE0MTYwMDc2Ij48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzU5ODA2NTQwOCIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Checks system information in the registry
                                                                                                          PID:4704
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjQxODQ5QUEtRjQ3MC00N0I3LTk2REQtMkJFQTlCRDEwMjEwfSIgdXNlcmlkPSJ7OTk4RDdCMUQtOERFRS00Qzk4LUIwNjMtRDQwRDZENTFFOTY4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszMUJEQURFQy05MjI3LTRFODUtQTNEOS02ODI5REYzQzEyMDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-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_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-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjMiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzU4OTExNTE5NjI0NjYxMCI-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
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:5140
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:5604
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Checks system information in the registry
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    PID:4756
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQxMzU5MzQiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1ODYzMzY3NjAwMDAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDU5MjQ2MjQ4OCIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:1272
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF3FB046-CAF0-4116-8C2E-316067E7C0F1}\BGAUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DF3FB046-CAF0-4116-8C2E-316067E7C0F1}\BGAUpdate.exe" --edgeupdate-client --system-level
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Adds Run key to start application
                                                                                                      PID:1704
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjVGNzkwREYtRDEwOC00MkQ0LUFBRkEtNjMzRUMyN0Y3MDFGfSIgdXNlcmlkPSJ7OTk4RDdCMUQtOERFRS00Qzk4LUIwNjMtRDQwRDZENTFFOTY4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFN0Y3RDU0Mi0yOEY3LTRDMzUtODRDNS0yN0Q2NEUxNDlCOTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzQiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDYwNzQ2MjU4OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwNjA3NDYyNTg4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjEyODM4Njg1MTEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI5MDYiIGRvd25sb2FkX3RpbWVfbXM9IjY2ODQ0IiBkb3dubG9hZGVkPSIxODA0NDQ0OCIgdG90YWw9IjE4MDQ0NDQ4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIxNzEiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:5516
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Checks system information in the registry
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:5984
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\MicrosoftEdge_X64_124.0.2478.67.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:5684
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                        3⤵
                                                                                                        • Modifies Installed Components in the registry
                                                                                                        • Executes dropped EXE
                                                                                                        • Registers COM server for autorun
                                                                                                        • Installs/modifies Browser Helper Object
                                                                                                        • Drops file in Program Files directory
                                                                                                        • Modifies Internet Explorer settings
                                                                                                        • Modifies registry class
                                                                                                        • System policy modification
                                                                                                        PID:4536
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6bd6c88c0,0x7ff6bd6c88cc,0x7ff6bd6c88d8
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          PID:3792
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                                                                          4⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Drops file in System32 directory
                                                                                                          PID:5600
                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6bd6c88c0,0x7ff6bd6c88cc,0x7ff6bd6c88d8
                                                                                                            5⤵
                                                                                                            • Executes dropped EXE
                                                                                                            PID:1396
                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEE1MUE1OTktMTczNi00N0I1LTkyOUEtOTk4QkYyMkUxNEZEfSIgdXNlcmlkPSJ7OTk4RDdCMUQtOERFRS00Qzk4LUIwNjMtRDQwRDZENTFFOTY4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins1Qzk1RUQ0MS01NDQ3LTQ2MjUtOEQ1Mi04QjJEMTZCMEI4QkR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iMyIgY29ob3J0PSJycmZAMC44MiI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMyOSIgcGluZ19mcmVzaG5lc3M9IntEQkQ2MDI1RS0zQ0E0LTQxRUQtQTNDQS0wNzk3MEIzODRGMzZ9Ii8-PC9hcHA-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-
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:2508

                                                                                                  Network

                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                  Downloads

                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

                                                                                                    Filesize

                                                                                                    6.8MB

                                                                                                    MD5

                                                                                                    c31297188ec9fbaa60449f769339963e

                                                                                                    SHA1

                                                                                                    8502d9e0cef18137529f0a46ad6e69a1577e6cae

                                                                                                    SHA256

                                                                                                    2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9

                                                                                                    SHA512

                                                                                                    9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a

                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

                                                                                                    Filesize

                                                                                                    17.2MB

                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\124.0.2478.67\MicrosoftEdge_X64_124.0.2478.67.exe

                                                                                                    Filesize

                                                                                                    164.7MB

                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

                                                                                                    Filesize

                                                                                                    1.6MB

                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E4D1A591-23BE-47BA-8A3D-69A76E17F11D}\EDGEMITMP_1ED0D.tmp\SETUP.EX_

                                                                                                    Filesize

                                                                                                    2.7MB

                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

                                                                                                    Filesize

                                                                                                    201KB

                                                                                                  • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

                                                                                                    Filesize

                                                                                                    5.1MB

                                                                                                  • C:\Program Files\MsEdgeCrashpad\settings.dat

                                                                                                    Filesize

                                                                                                    280B

                                                                                                  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                                                                                    Filesize

                                                                                                    107KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

                                                                                                    Filesize

                                                                                                    200KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\23aab9e30ef0d9d7_0

                                                                                                    Filesize

                                                                                                    19KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6c03a66f55691377_0

                                                                                                    Filesize

                                                                                                    280B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    408B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    288B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    408B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    408B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    408B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    408B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    408B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    408B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    9f8fe446455e494b386fa3eb22630131

                                                                                                    SHA1

                                                                                                    1fcbcd2600b1bbc79d3244a7dd76bc7814689db7

                                                                                                    SHA256

                                                                                                    5fa0dfa870217c12980353cc9033a529b4a854e7ef0b6a30717d8ad3f54e43e4

                                                                                                    SHA512

                                                                                                    1a6bf4ec7b68209c68d6d0f0953c3fc69406a8fadf151831ee7ac478271fd59a5852c72e867744763c0f43c1c12c10c1a405e253aa76d76d097bf065f2111d93

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    c335c04601886b0e087fed8bff983f07

                                                                                                    SHA1

                                                                                                    7f5688537ce7a1aebf51e829e434aad1f9006851

                                                                                                    SHA256

                                                                                                    8f6c356deaf68c020b69e5e7b3e55a8b7d0a7ee7b85ca7107e1275155f35e550

                                                                                                    SHA512

                                                                                                    bae17d0e697d14f0c2a68d97f835fb20fd17541ce97d5a6036ee0c2041ae1bc5a09e94e499cc4ff0792944066c8a881e132a24847d1dc107c471fd299f68f280

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    15677ab939391830720834457e3ea66f

                                                                                                    SHA1

                                                                                                    0e20d9fd933ca21eefb1e342ea08ef4574b180ee

                                                                                                    SHA256

                                                                                                    f0587abd2176d378b577426ef2b0dc4f64f493d7663faa1e5ab87e2620b8fc01

                                                                                                    SHA512

                                                                                                    28fd533ab4f8358cc1d88303ac80be45867004589f0aa2cf1d0889e23f74183f2bc8fe03d6e81b929d44ee1bb26165c90e1e6720af437cae3fc9f7c3972f15e1

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                    Filesize

                                                                                                    2B

                                                                                                    MD5

                                                                                                    d751713988987e9331980363e24189ce

                                                                                                    SHA1

                                                                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                    SHA256

                                                                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                    SHA512

                                                                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    354B

                                                                                                    MD5

                                                                                                    632b811ce2e60f103c8dc09c97783ff7

                                                                                                    SHA1

                                                                                                    d57077cbd87ef05bace2ddeab63801365a12a645

                                                                                                    SHA256

                                                                                                    59af31ff172aed2457fa6fdc222b99e0aeed33aaea840c69cc63112c61e96aa7

                                                                                                    SHA512

                                                                                                    f4d26cbf1f6ffd285728f89cac128bd8e0a76dacc0df4c290025064680cde531c8869a40e80f653078ce0f4369fb6e9e5a4d7ceba891c2e7a903c10348ed7f21

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    688B

                                                                                                    MD5

                                                                                                    254041d6178739dd9d71cff1a7cd2d44

                                                                                                    SHA1

                                                                                                    ef056f11903cd2bd38cd32b95d5cd3809a156dc2

                                                                                                    SHA256

                                                                                                    402a5d9131350e332ebb847cc85f593a5fb08f01d01eac091c1482d1c6e8a279

                                                                                                    SHA512

                                                                                                    015b61b71981f9c498eb6e9542302ce1a6d837442c0823e8d98dabee699e3f57e75e64fd02c3eb96b74883f77497d3a7a945af257c35aa7326b33c8729e4098e

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    688B

                                                                                                    MD5

                                                                                                    618e81742cc9127436f402f3c7e371cb

                                                                                                    SHA1

                                                                                                    3d1eac87c3988d78304cf4adc90a4ed45e6ae686

                                                                                                    SHA256

                                                                                                    6b7f1ff1080a90b876060430892e973747823b3f698eec19512b6bc73807875e

                                                                                                    SHA512

                                                                                                    d3a7faceb0d4a1acbe6c500976ab8d71df5dfff7755f03924277cea10ef623096654025357d27f0a709d9c800d056a8e2a20c61f0ef583f8013e31cf67843c43

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    7KB

                                                                                                    MD5

                                                                                                    4817f29643f5aa82a221ed2a4bb002e3

                                                                                                    SHA1

                                                                                                    abf6b19dc1653a4928b076acf9867ab1f3bb10f3

                                                                                                    SHA256

                                                                                                    bc8c693d9ee3e5f1e6daf3bbc0eef5a1458f2fa7b4a1ef8e8c7c65e46f13cb9b

                                                                                                    SHA512

                                                                                                    bd95b18fc7d19e8775658d5820999632119184e3af2fcfef2551706ec5a5d336296de5cefcbfe8a9240a8a7761471f20d35230a67b9365facd73096e221aa36d

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    6KB

                                                                                                    MD5

                                                                                                    61979abbcc26f7e5ce89e065b396442d

                                                                                                    SHA1

                                                                                                    2d1730de9e24c9154e8553125ceced291fb5ddf4

                                                                                                    SHA256

                                                                                                    1981711be4e3d72b3b3eca9d9562bdc62fc2cba650ed4fc5a283db9962d527ed

                                                                                                    SHA512

                                                                                                    2c29de6ac3892b0f970c8fb5438659906fccfc791d2f21e5c2fb51b7dd026891a759c65820e36a43d5445bc8c9cbcc1fd3728352156e8f8c3d5d82a81a366d12

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    7KB

                                                                                                    MD5

                                                                                                    7bff9e833a3d0e3c76671858fbcbe2ef

                                                                                                    SHA1

                                                                                                    ef285a81d9670e49e364fdf82e9cb66928b22091

                                                                                                    SHA256

                                                                                                    b0c00cc83d5a53b3960c308b545cdd2195d2a77a4f525841166132e7d3ea2e7a

                                                                                                    SHA512

                                                                                                    ae32d73171b88e4a2f86238c874fd4679906f12c10e9b8d66a28376e3a75bf8826a775a273c03841d4cba394ed5caa5c493f55474c42c6dcc50c310069a56d27

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    7KB

                                                                                                    MD5

                                                                                                    948d46505430d3b8298e5720c1ab03da

                                                                                                    SHA1

                                                                                                    2b2ec9d0502d4cd2b85247546788886e6283cfe2

                                                                                                    SHA256

                                                                                                    ec8692d404149ae758e08f88a780941cef9129127ab65eb5c82f9c0499dbea70

                                                                                                    SHA512

                                                                                                    f8e7793d5dfda7f100c2978717bfaedde6452b2e846e59b334e650f059558b785a97ab8f35ffbcf6e2b87014f2c68674aef7047082b2424b05d7583bdeed7525

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                    Filesize

                                                                                                    16KB

                                                                                                    MD5

                                                                                                    2b5a8b6a320755191b09fb384d4f88f4

                                                                                                    SHA1

                                                                                                    a37aca05f19d262bad8e44f536c40734c7255281

                                                                                                    SHA256

                                                                                                    f87258e76bb0fd6f90c98edab81711e8665bda07d3296d870afb376912894d6f

                                                                                                    SHA512

                                                                                                    8e40a79e089e7f8eb61f214208514c8b3d3e445c29786e6945e81b9ca9d5ecec36b2e7521f823e850a30d1e18b4f6e26a7c7321b36196b2bdaf7ac5799404ba6

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                    Filesize

                                                                                                    256KB

                                                                                                    MD5

                                                                                                    2617c0f405c078e5d7181b7b29fbbd89

                                                                                                    SHA1

                                                                                                    28664e22e265dda9e2c81cf744c77f9de368f574

                                                                                                    SHA256

                                                                                                    4898c02a42a8b5568be3f378654ef07420f2b6b780bd323357110c8fe488b1f1

                                                                                                    SHA512

                                                                                                    8d18479b0cad041c73f9d91eeaf1cc334bcc7e0775dd1982bd0b13623d7d9e11769bba5bb7a7a7503e7cb224cd69eebbcede8e362fd222a9c06041129481b99b

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                    Filesize

                                                                                                    94KB

                                                                                                    MD5

                                                                                                    9937f0d9559e5699fa1642dbc22bc566

                                                                                                    SHA1

                                                                                                    bd89a6e5742035ed8498ebb67bcedcc88608284b

                                                                                                    SHA256

                                                                                                    2037f3be9f646173cbb2c208b9647260b3b94da1a49a0e487548a8d89df3f8f6

                                                                                                    SHA512

                                                                                                    c01d65dea4b2c00a4ab6709d931d1ba2358f521e4712eb12cc91826e78b5a30ae7d822687934817bf7eb5d343dc47d916ed504b3017aef6bcbbf7a6fd2751ce0

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe594c03.TMP

                                                                                                    Filesize

                                                                                                    88KB

                                                                                                    MD5

                                                                                                    6eb0e7b8820a52a12616fa3caf8d05fe

                                                                                                    SHA1

                                                                                                    bf1dc8b39c4d68ca50d4adffd5b2edf5c2b288d5

                                                                                                    SHA256

                                                                                                    93f68715d113e8590bdd738ff306dc0d593e6a5da207faa69ab0b5dd6e2b8be2

                                                                                                    SHA512

                                                                                                    f4f4f1a0f685271c57e14bc3a4e95615ad8ba5e000576315b36cd59d882e72fcb71b10a049a1988cc49699bedbee979a2fa7f5314bdc6d130d535ffc21c82804

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                    Filesize

                                                                                                    152B

                                                                                                    MD5

                                                                                                    ecdc2754d7d2ae862272153aa9b9ca6e

                                                                                                    SHA1

                                                                                                    c19bed1c6e1c998b9fa93298639ad7961339147d

                                                                                                    SHA256

                                                                                                    a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

                                                                                                    SHA512

                                                                                                    cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                    Filesize

                                                                                                    152B

                                                                                                    MD5

                                                                                                    2daa93382bba07cbc40af372d30ec576

                                                                                                    SHA1

                                                                                                    c5e709dc3e2e4df2ff841fbde3e30170e7428a94

                                                                                                    SHA256

                                                                                                    1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

                                                                                                    SHA512

                                                                                                    65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    5a33e2831fddfa018f46ec04ea518780

                                                                                                    SHA1

                                                                                                    10d3030383aceccbba0674ef30036062dee16831

                                                                                                    SHA256

                                                                                                    fa486c3e69fc26003bcaf423ea42100c24a423dfc6d313f358f61148b2923633

                                                                                                    SHA512

                                                                                                    2bb023b5a48c7715cad74944ebcb3682eecbdf53d6ea2be819c629340d8980561802a21f2ed1bb28d0f1d765882c10a28cc89c8283eb64747b400766657221e6

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    ba3e2a753d669f9c167d49a9c6ccef37

                                                                                                    SHA1

                                                                                                    2523328adcdf656f75c7a4b852c95ff0ece7c81d

                                                                                                    SHA256

                                                                                                    85d5e191d57fb88051d9ac9b70ab45271b752a827dabab70ad37035f5c5a53ed

                                                                                                    SHA512

                                                                                                    cdfe95011d155c1db8a441845cba1ed70f87607983751957df40188ceb1f7811170b7332efed913c3a849ee4c26cd964f07a594bc3d35b352e9bed0312c3d721

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    94a886356a9b7752a6940f85faa81d2d

                                                                                                    SHA1

                                                                                                    b389e6a816fb3eb3b562e634e112b86a7d022750

                                                                                                    SHA256

                                                                                                    dcf6760da5b8a5fdb5812c9e85ccfef9176e99ac25d42a6e92af5ba896d68578

                                                                                                    SHA512

                                                                                                    57dd56160b292c33bcb762f27d8efee7f7594a89c31e5d383207b02407c16507a396fb07392997ee952da97c378edb08a35d78ae2d018e88c3818e446714dee5

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    6KB

                                                                                                    MD5

                                                                                                    f06812647ac4c0a70d7483b2440bcdbe

                                                                                                    SHA1

                                                                                                    07ed04ddfa87f2d47a051ad56a47d1eb1ef74aac

                                                                                                    SHA256

                                                                                                    cd5e45e1e9096a6cded4f34b334e7ff937ef4d5f1f025056600286d0ed09248c

                                                                                                    SHA512

                                                                                                    3f46b656d162087f3a650077dcbef2c8e56b694805383f8cee9d3fc16452dcb84411f385a7148ec6e19f8f1d8661783e7717372ca092ef4b0f6599856562230b

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e7b87.TMP

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

• C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\ff6b65de0e41d5bcb3b4ba09a6990c0f

• C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\VCRUNTIME140_1.dll

• C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd

• C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

• C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32api.pyd

• C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32gui.pyd

• C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\win32process.pyd

• C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\VCRUNTIME140.dll

• C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\_ctypes.pyd

• C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\_lzma.pyd

• C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\_socket.pyd

• C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\psutil\_psutil_windows.pyd

• C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\python3.dll

                                                                                                  • C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\python311.dll

                                                                                                    Filesize

                                                                                                    5.5MB

                                                                                                    MD5

                                                                                                    9a24c8c35e4ac4b1597124c1dcbebe0f

                                                                                                    SHA1

                                                                                                    f59782a4923a30118b97e01a7f8db69b92d8382a

                                                                                                    SHA256

                                                                                                    a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

                                                                                                    SHA512

                                                                                                    9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

                                                                                                  • C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\pywintypes311.dll

                                                                                                    Filesize

                                                                                                    131KB

                                                                                                    MD5

                                                                                                    90b786dc6795d8ad0870e290349b5b52

                                                                                                    SHA1

                                                                                                    592c54e67cf5d2d884339e7a8d7a21e003e6482f

                                                                                                    SHA256

                                                                                                    89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

                                                                                                    SHA512

                                                                                                    c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

                                                                                                  • C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\select.pyd

                                                                                                    Filesize

                                                                                                    28KB

                                                                                                    MD5

                                                                                                    97ee623f1217a7b4b7de5769b7b665d6

                                                                                                    SHA1

                                                                                                    95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

                                                                                                    SHA256

                                                                                                    0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

                                                                                                    SHA512

                                                                                                    20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

                                                                                                  • C:\Users\Admin\AppData\Local\Temp\onefile_4636_133589110773609057\test.exe

                                                                                                    Filesize

                                                                                                    9.6MB

                                                                                                    MD5

                                                                                                    5244aa93f4209963f6c63e1ef9dde0b9

                                                                                                    SHA1

                                                                                                    642219eec726127fe7fbe9ceb5e223dcf46fbe46

                                                                                                    SHA256

                                                                                                    aeca166d5d3da9e76957686ca8753e95b930d8508f825f3cc6b4bac28da6e142

                                                                                                    SHA512

                                                                                                    e510165f98b070ad3c202734833230779fd95585d28b0a9873afbb5022f488c85e935b7f366a92b89449b42106f4ed76997cac16994386560bd45021d368e28c

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 360642.crdownload

                                                                                                    Filesize

                                                                                                    6.9MB

                                                                                                    MD5

                                                                                                    10bbd38c21ebf84fea97c3812d57d9c6

                                                                                                    SHA1

                                                                                                    293cec0d7f44151ffbf88dfe408265825f8bca9b

                                                                                                    SHA256

                                                                                                    83c4e5947870b7b9f06044624b420ddc9fbae6898a5c9b4420c3dbeaca508bb9

                                                                                                    SHA512

                                                                                                    a00ec8ed84b806c4aca8564354a6687da64b999d255df7fea4c38e6026c8a4cee665414e96d5e28904d051f4c1a6956193a96c12e52286d6d7f58f39bae8ac31

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 729403.crdownload

                                                                                                    Filesize

                                                                                                    5.2MB

                                                                                                    MD5

                                                                                                    c52eec089b9dab56e69fa5f4d9350d8e

                                                                                                    SHA1

                                                                                                    e89b321198835baa1313dcd1b7eb71fc75eac6b7

                                                                                                    SHA256

                                                                                                    d1a0d760bf92479e176dbddb70669d9c3bcbcf8743c5601517682ee300a202de

                                                                                                    SHA512

                                                                                                    894f3ece52ba0fdb7bf5eb3b4a473df66230be894fc47ba2f5189a06ec5db252f0a215d6062514c5b467cdb498555ef03b2dd26d6a8d76a25e121bff67fb4677

                                                                                                  • memory/3580-1268-0x00007FFDE95B0000-0x00007FFDE95C0000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1273-0x00007FFDE9830000-0x00007FFDE9860000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1257-0x00007FFDEC080000-0x00007FFDEC085000-memory.dmp

                                                                                                    Filesize

                                                                                                    20KB

                                                                                                  • memory/3580-1256-0x00007FFDEBFF0000-0x00007FFDEC020000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1255-0x00007FFDEBFF0000-0x00007FFDEC020000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1254-0x00007FFDEBFF0000-0x00007FFDEC020000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1252-0x00007FFDEBFF0000-0x00007FFDEC020000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1249-0x00007FFDEBE90000-0x00007FFDEBEA0000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1253-0x00007FFDEBFF0000-0x00007FFDEC020000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1248-0x00007FFDEBE90000-0x00007FFDEBEA0000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1258-0x00007FFDEB670000-0x00007FFDEB680000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1266-0x00007FFDEB720000-0x00007FFDEB730000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1265-0x00007FFDEB720000-0x00007FFDEB730000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1264-0x00007FFDEB720000-0x00007FFDEB730000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1263-0x00007FFDEB720000-0x00007FFDEB730000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1262-0x00007FFDEB720000-0x00007FFDEB730000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1261-0x00007FFDEB700000-0x00007FFDEB710000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1260-0x00007FFDEB700000-0x00007FFDEB710000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1259-0x00007FFDEB670000-0x00007FFDEB680000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1267-0x00007FFDE95B0000-0x00007FFDE95C0000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1271-0x00007FFDE9830000-0x00007FFDE9860000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1275-0x00007FFDE9830000-0x00007FFDE9860000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1274-0x00007FFDE9830000-0x00007FFDE9860000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1250-0x00007FFDEBFA0000-0x00007FFDEBFB0000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1272-0x00007FFDE9830000-0x00007FFDE9860000-memory.dmp

                                                                                                    Filesize

                                                                                                    192KB

                                                                                                  • memory/3580-1270-0x00007FFDE96C0000-0x00007FFDE96D0000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1269-0x00007FFDE96C0000-0x00007FFDE96D0000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1251-0x00007FFDEBFA0000-0x00007FFDEBFB0000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1276-0x00007FFDEB330000-0x00007FFDEB340000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1282-0x00007FFDEB3E0000-0x00007FFDEB3EE000-memory.dmp

                                                                                                    Filesize

                                                                                                    56KB

                                                                                                  • memory/3580-1281-0x00007FFDEB3E0000-0x00007FFDEB3EE000-memory.dmp

                                                                                                    Filesize

                                                                                                    56KB

                                                                                                  • memory/3580-1280-0x00007FFDEB3E0000-0x00007FFDEB3EE000-memory.dmp

                                                                                                    Filesize

                                                                                                    56KB

                                                                                                  • memory/3580-1279-0x00007FFDEB3E0000-0x00007FFDEB3EE000-memory.dmp

                                                                                                    Filesize

                                                                                                    56KB

                                                                                                  • memory/3580-1278-0x00007FFDEB3E0000-0x00007FFDEB3EE000-memory.dmp

                                                                                                    Filesize

                                                                                                    56KB

                                                                                                  • memory/3580-1277-0x00007FFDEB330000-0x00007FFDEB340000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1288-0x00007FFDEB320000-0x00007FFDEB32B000-memory.dmp

                                                                                                    Filesize

                                                                                                    44KB

                                                                                                  • memory/3580-1287-0x00007FFDEB320000-0x00007FFDEB32B000-memory.dmp

                                                                                                    Filesize

                                                                                                    44KB

                                                                                                  • memory/3580-1286-0x00007FFDEB320000-0x00007FFDEB32B000-memory.dmp

                                                                                                    Filesize

                                                                                                    44KB

                                                                                                  • memory/3580-1285-0x00007FFDEB320000-0x00007FFDEB32B000-memory.dmp

                                                                                                    Filesize

                                                                                                    44KB

                                                                                                  • memory/3580-1284-0x00007FFDEB300000-0x00007FFDEB310000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/3580-1283-0x00007FFDEB300000-0x00007FFDEB310000-memory.dmp

                                                                                                    Filesize

                                                                                                    64KB

                                                                                                  • memory/5416-1243-0x0000000001000000-0x0000000001035000-memory.dmp

                                                                                                    Filesize

                                                                                                    212KB

                                                                                                  • memory/5416-1171-0x00000000735D0000-0x00000000737E0000-memory.dmp

                                                                                                    Filesize

                                                                                                    2.1MB

                                                                                                  • memory/5416-1134-0x00000000735D0000-0x00000000737E0000-memory.dmp

                                                                                                    Filesize

                                                                                                    2.1MB

                                                                                                  • memory/5416-1133-0x0000000001000000-0x0000000001035000-memory.dmp

                                                                                                    Filesize

                                                                                                    212KB