Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

RG_MagicBu...om.rar

windows10-1703-x64

3

RG_MagicBu...om.rar

windows10-2004-x64

8

RG_MagicBu...om.rar

windows11-21h2-x64

8

Analysis

  • max time kernel
    1799s
  • max time network
    1799s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RG_MagicBulletSuite2024_DownloadPirate.com.rar

  • Size

    345.5MB

  • MD5

    e45c92d2eb2e59f831bf397fc31359bb

  • SHA1

    0c6686f4a3e7b4bfef4714617f43abe55f3b5f96

  • SHA256

    b68381bcb0c705ba6f55c673f208bc21f3543e3727227eacd2fcb16605df3b16

  • SHA512

    cb8645d4e2c1018c0058a533d8c73e89f31cfd2877c130114ad07d8c96b01a5575b26ee924fad29c90849c08a42c3839460b02ad8c5e9ec3ce6a1af617d65c83

  • SSDEEP

    6291456:oIprhvDR7sWM6abl5rHtbGaoOy8t+quy1ATOULjrosJJlNd4WRyltBlt2wLrZwM6:o03gl5rNbtob8tN2iWfJLd4WRyjBjpSr

Score
8/10
adwarediscoveryevasionexecutionpersistenceprivilege_escalationstealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Creates new service(s) 2 TTPs
    persistenceexecution
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • Stops running service(s) 4 TTPs
    evasionexecution
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 4 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Checks system information in the registry 2 TTPs 30 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 12 IoCs
  • Launches sc.exe 12 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 11 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\RG_MagicBulletSuite2024_DownloadPirate.com.rar
    1⤵
    • Modifies registry class
    PID:228
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1972
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4884
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RG_MagicBulletSuite2024_DownloadPirate.com.rar"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:5008
    • C:\Users\Admin\Desktop\Red Giant Magic Bullet Suite 2024.0\Maxon_App_2024.0.0_Win.exe
      "C:\Users\Admin\Desktop\Red Giant Magic Bullet Suite 2024.0\Maxon_App_2024.0.0_Win.exe"
      1⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\Maxon App Installer.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\Maxon App Installer.exe"
        2⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:884
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\postflight\fuse-windows-postflight.bat""
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3360
          • C:\Windows\system32\icacls.exe
            icacls "C:\ProgramData\Red Giant" /t /grant *S-1-1-0:(OI)(CI)F
            4⤵
            • Modifies file permissions
            PID:1972
          • C:\Windows\system32\icacls.exe
            icacls "C:\ProgramData\Maxon" /t /grant *S-1-1-0:(OI)(CI)F
            4⤵
            • Modifies file permissions
            PID:1264
          • C:\Windows\system32\sc.exe
            "C:\Windows\system32\sc.exe" stop "Red Giant Service"
            4⤵
            • Launches sc.exe
            PID:744
          • C:\Windows\system32\timeout.exe
            timeout /T 5 /NOBREAK
            4⤵
            • Delays execution with timeout.exe
            PID:3104
          • C:\Windows\system32\sc.exe
            "C:\Windows\system32\sc.exe" delete "Red Giant Service"
            4⤵
            • Launches sc.exe
            PID:3680
          • C:\Windows\system32\timeout.exe
            timeout /T 5 /NOBREAK
            4⤵
            • Delays execution with timeout.exe
            PID:2552
          • C:\Windows\system32\sc.exe
            "C:\Windows\system32\sc.exe" create "Red Giant Service" binpath= "\"C:\Program Files\Red Giant\Services\Red Giant Service.exe\"" start= auto obj= "NT AUTHORITY\Localservice"
            4⤵
            • Launches sc.exe
            PID:4776
          • C:\Windows\system32\timeout.exe
            timeout /T 5 /NOBREAK
            4⤵
            • Delays execution with timeout.exe
            PID:2236
          • C:\Windows\system32\sc.exe
            "C:\Windows\system32\sc.exe" description "Red Giant Service" "Provides common services to Maxon products."
            4⤵
            • Launches sc.exe
            PID:4236
          • C:\Windows\system32\timeout.exe
            timeout /T 5 /NOBREAK
            4⤵
            • Delays execution with timeout.exe
            PID:4988
          • C:\Windows\system32\sc.exe
            "C:\Windows\system32\sc.exe" failure "Red Giant Service" reset= 0 actions= restart/60000
            4⤵
            • Launches sc.exe
            PID:4892
          • C:\Windows\system32\timeout.exe
            timeout /T 5 /NOBREAK
            4⤵
            • Delays execution with timeout.exe
            PID:1596
          • C:\Windows\system32\sc.exe
            "C:\Windows\system32\sc.exe" start "Red Giant Service"
            4⤵
            • Launches sc.exe
            PID:2528
          • C:\Windows\system32\timeout.exe
            timeout /T 10 /NOBREAK
            4⤵
            • Delays execution with timeout.exe
            PID:4392
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\preflight\fuse-windows-setup-preflight.bat""
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1724
          • C:\Windows\system32\icacls.exe
            icacls "C:\ProgramData\Maxon" /t /grant *S-1-1-0:(OI)(CI)F
            4⤵
            • Modifies file permissions
            PID:4188
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp266c4ba1-7f5d-4954-8e84-16d5303e7a12\postflight\vcredist-postflight.bat""
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4568
          • C:\Users\Admin\AppData\Local\Temp\tmp266c4ba1-7f5d-4954-8e84-16d5303e7a12\files\VC_redist.x64.19.exe
            "C:\Users\Admin\AppData\Local\Temp\tmp266c4ba1-7f5d-4954-8e84-16d5303e7a12\postflight\..\files\VC_redist.x64.19.exe" /quiet /norestart
            4⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2312
            • C:\Windows\Temp\{D27D9870-4C3C-403F-B641-68C404133D02}\.cr\VC_redist.x64.19.exe
              "C:\Windows\Temp\{D27D9870-4C3C-403F-B641-68C404133D02}\.cr\VC_redist.x64.19.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\tmp266c4ba1-7f5d-4954-8e84-16d5303e7a12\files\VC_redist.x64.19.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580 /quiet /norestart
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2856
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpd5a916f8-79cc-42ed-9f60-b80a8ae59c36\postflight\mxnotify-windows-postflight.bat""
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4520
          • C:\Windows\system32\taskkill.exe
            taskkill /F /IM MxNotify.exe
            4⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:4924
          • C:\Windows\explorer.exe
            explorer.exe "C:\Program Files\Maxon\Tools\MxNotify.exe"
            4⤵
              PID:2452
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp4e65565a-6097-4411-ad71-143936dc80b9\postflight\mxredirect-windows-postflight.bat""
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:4632
            • C:\Windows\system32\icacls.exe
              icacls "C:\ProgramData\Maxon" /t /grant *S-1-1-0:(OI)(CI)F
              4⤵
              • Modifies file permissions
              PID:1280
            • C:\Windows\system32\sc.exe
              "C:\Windows\system32\sc.exe" stop "mxredirect"
              4⤵
              • Launches sc.exe
              PID:3084
            • C:\Windows\system32\timeout.exe
              timeout /T 2 /NOBREAK
              4⤵
              • Delays execution with timeout.exe
              PID:1812
            • C:\Windows\system32\sc.exe
              "C:\Windows\system32\sc.exe" delete "mxredirect"
              4⤵
              • Launches sc.exe
              PID:1828
            • C:\Windows\system32\timeout.exe
              timeout /T 2 /NOBREAK
              4⤵
              • Delays execution with timeout.exe
              PID:2168
            • C:\Windows\system32\sc.exe
              "C:\Windows\system32\sc.exe" create "mxredirect" binpath= "C:\Program Files\Maxon\Tools\mxredirect.exe" start= auto
              4⤵
              • Launches sc.exe
              PID:3680
            • C:\Windows\system32\timeout.exe
              timeout /T 2 /NOBREAK
              4⤵
              • Delays execution with timeout.exe
              PID:4988
            • C:\Windows\system32\sc.exe
              "C:\Windows\system32\sc.exe" description "mxredirect" "Manages scheme ownership for Maxon products."
              4⤵
              • Launches sc.exe
              PID:116
            • C:\Windows\system32\timeout.exe
              timeout /T 2 /NOBREAK
              4⤵
              • Delays execution with timeout.exe
              PID:5064
            • C:\Windows\system32\sc.exe
              "C:\Windows\system32\sc.exe" failure "mxredirect" reset= 0 actions= restart/60000
              4⤵
              • Launches sc.exe
              PID:3500
            • C:\Windows\system32\timeout.exe
              timeout /T 2 /NOBREAK
              4⤵
              • Delays execution with timeout.exe
              PID:4240
            • C:\Windows\system32\sc.exe
              "C:\Windows\system32\sc.exe" start "mxredirect"
              4⤵
              • Launches sc.exe
              PID:3280
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpe1ffa55b-69b7-428a-93ba-af5243fd8a8a\bin\install-mswebview.bat""
            3⤵
              PID:3472
              • C:\Program Files\Maxon\Tools\MicrosoftEdgeWebview2Setup.exe
                "C:\Program Files\Maxon\Tools\MicrosoftEdgeWebview2Setup.exe" /install
                4⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                PID:4396
                • C:\Program Files (x86)\Microsoft\Temp\EUDD48.tmp\MicrosoftEdgeUpdate.exe
                  "C:\Program Files (x86)\Microsoft\Temp\EUDD48.tmp\MicrosoftEdgeUpdate.exe" /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=true"
                  5⤵
                  • Event Triggered Execution: Image File Execution Options Injection
                  • Checks computer location settings
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Checks system information in the registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4360
                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                    6⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Modifies registry class
                    PID:4020
                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                    6⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Modifies registry class
                    PID:2524
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.145.49\MicrosoftEdgeUpdateComRegisterShell64.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.145.49\MicrosoftEdgeUpdateComRegisterShell64.exe"
                      7⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Modifies registry class
                      PID:4992
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.145.49\MicrosoftEdgeUpdateComRegisterShell64.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.145.49\MicrosoftEdgeUpdateComRegisterShell64.exe"
                      7⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Modifies registry class
                      PID:1916
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.145.49\MicrosoftEdgeUpdateComRegisterShell64.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.145.49\MicrosoftEdgeUpdateComRegisterShell64.exe"
                      7⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Modifies registry class
                      PID:4908
                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNDUuNDkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNDUuNDkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTIxQjQ5RkYtOTczNi00NEQ5LUIwNzQtRjczOTE1M0JEM0Y2fSIgdXNlcmlkPSJ7NkVEODFDNDktQThBMi00QzRELTgxNUYtMUI4OUFERDhDMTA3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0QkYzRDUxRi02MENCLTQwREItQjVGMi1CMERGODZERjUyQkR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0R4T2JqSEdhK25SYTJhdEMzd28rSUVwQzc4K1pZZUFVYmtYcERDMmNqN1U9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTQ1LjQ5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ1MyIvPjwvYXBwPjwvcmVxdWVzdD4
                    6⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Checks system information in the registry
                    PID:4800
                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=true" /installsource otherinstallcmd /sessionid "{121B49FF-9736-44D9-B074-F739153BD3F6}"
                    6⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:2340
            • C:\Windows\explorer.exe
              explorer.exe "C:\Program Files\Maxon\App Manager\Maxon.exe"
              3⤵
                PID:2428
          • C:\Users\Admin\Desktop\Red Giant Magic Bullet Suite 2024.0\Maxon_App_2024.0.0_Win.exe
            "C:\Users\Admin\Desktop\Red Giant Magic Bullet Suite 2024.0\Maxon_App_2024.0.0_Win.exe"
            1⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:392
            • C:\Users\Admin\AppData\Local\Temp\7zS881BA4DB\Maxon App Installer.exe
              "C:\Users\Admin\AppData\Local\Temp\7zS881BA4DB\Maxon App Installer.exe"
              2⤵
              • Executes dropped EXE
              PID:1144
          • C:\Program Files\Red Giant\Services\Red Giant Service.exe
            "C:\Program Files\Red Giant\Services\Red Giant Service.exe"
            1⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            • Modifies data under HKEY_USERS
            PID:4804
          • C:\Windows\explorer.exe
            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
            1⤵
            • Suspicious use of WriteProcessMemory
            PID:1360
            • C:\Program Files\Maxon\Tools\MxNotify.exe
              "C:\Program Files\Maxon\Tools\MxNotify.exe"
              2⤵
              • Executes dropped EXE
              PID:4384
          • C:\Program Files\Maxon\Tools\mxredirect.exe
            "C:\Program Files\Maxon\Tools\mxredirect.exe"
            1⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:1752
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks system information in the registry
            • Modifies data under HKEY_USERS
            PID:4776
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47DDB1D-B4EA-46BB-BC5A-0CA129EF776C}\MicrosoftEdge_X64_126.0.2592.61.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47DDB1D-B4EA-46BB-BC5A-0CA129EF776C}\MicrosoftEdge_X64_126.0.2592.61.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
              2⤵
              • Executes dropped EXE
              • Drops file in Program Files directory
              PID:5016
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47DDB1D-B4EA-46BB-BC5A-0CA129EF776C}\EDGEMITMP_62D66.tmp\setup.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47DDB1D-B4EA-46BB-BC5A-0CA129EF776C}\EDGEMITMP_62D66.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47DDB1D-B4EA-46BB-BC5A-0CA129EF776C}\MicrosoftEdge_X64_126.0.2592.61.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                3⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                PID:4628
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47DDB1D-B4EA-46BB-BC5A-0CA129EF776C}\EDGEMITMP_62D66.tmp\setup.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47DDB1D-B4EA-46BB-BC5A-0CA129EF776C}\EDGEMITMP_62D66.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.62 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47DDB1D-B4EA-46BB-BC5A-0CA129EF776C}\EDGEMITMP_62D66.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.61 --initial-client-data=0x128,0x124,0x120,0x100,0x11c,0x7ff6b253aa40,0x7ff6b253aa4c,0x7ff6b253aa58
                  4⤵
                  • Executes dropped EXE
                  PID:3332
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNDUuNDkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNDUuNDkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTIxQjQ5RkYtOTczNi00NEQ5LUIwNzQtRjczOTE1M0JEM0Y2fSIgdXNlcmlkPSJ7NkVEODFDNDktQThBMi00QzRELTgxNUYtMUI4OUFERDhDMTA3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1RkVGMjlFNi1FMzZELTQ1RUYtOTMwMi1EOTU0M0MyM0I4QTN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNi4wLjI1OTIuNjEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83MTM2OWRmNC05ZTlmLTRhMWItOWFmOC05YThiNWFhNDU0OGQ_UDE9MTcxOTUwMjU4MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1QRHJ4Rm1zVHJkMDdQOVpab2ZrSWRFZ3I5RXJxdVhMNHhYYjRWWEVpbkxOaTBDZk8lMmZvaFBpeTFUSmFKQU9yQkZxUDZUTm5FUDhvTGc5TVNMUDFkTHNRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBkb3dubG9hZGVkPSIxNzI5MDc0ODAiIHRvdGFsPSIxNzI5MDc0ODAiIGRvd25sb2FkX3RpbWVfbXM9IjE3MjgxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3NTAiIGRvd25sb2FkX3RpbWVfbXM9IjIzMzQ0IiBkb3dubG9hZGVkPSIxNzI5MDc0ODAiIHRvdGFsPSIxNzI5MDc0ODAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQyNTQ3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
              2⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Checks system information in the registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:4252
          • C:\Windows\explorer.exe
            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
            1⤵
              PID:2168
              • C:\Program Files\Maxon\App Manager\Maxon.exe
                "C:\Program Files\Maxon\App Manager\Maxon.exe"
                2⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Checks whether UAC is enabled
                PID:4516
                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4516.3976.761824187150232950
                  3⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Checks system information in the registry
                  • Drops file in Program Files directory
                  • Enumerates system info in registry
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • System policy modification
                  PID:1424
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.62 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.61 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ffb40320148,0x7ffb40320154,0x7ffb40320160
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:2276
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1824 /prefetch:2
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:2724
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1876,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1824 /prefetch:3
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:2892
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2024,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:1772
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3620,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:1
                    4⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:1972
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4004,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:5652
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4824,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2128 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:5832
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=2128,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:3400
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4980,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:5272
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5004,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:5484
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5088,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4708 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5532
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5068,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:5432
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=4668,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:5784
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5000,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:5972
                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe
                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView" --webview-exe-name=Maxon.exe --webview-exe-version=2024.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=5028,i,8512872196014732693,10842601666162166046,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:8
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:6132
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3956,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:8
              1⤵
                PID:5392
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                1⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Checks system information in the registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:5224
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                1⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Checks system information in the registry
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:5352
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3000F8AA-08D6-4447-AE92-73EE94122DDF}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3000F8AA-08D6-4447-AE92-73EE94122DDF}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{C87B32E4-0E72-4803-B73A-8F332AF6F060}"
                  2⤵
                  • Executes dropped EXE
                  • Drops file in Program Files directory
                  PID:3648
                  • C:\Program Files (x86)\Microsoft\Temp\EUE493.tmp\MicrosoftEdgeUpdate.exe
                    "C:\Program Files (x86)\Microsoft\Temp\EUE493.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{C87B32E4-0E72-4803-B73A-8F332AF6F060}"
                    3⤵
                    • Event Triggered Execution: Image File Execution Options Injection
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Checks system information in the registry
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1316
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                      4⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Modifies registry class
                      PID:4240
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                      4⤵
                      • Executes dropped EXE
                      • Modifies registry class
                      PID:5604
                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                        5⤵
                        • Executes dropped EXE
                        • Modifies registry class
                        PID:728
                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                        5⤵
                        • Executes dropped EXE
                        • Modifies registry class
                        PID:3160
                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                        5⤵
                        • Executes dropped EXE
                        • Modifies registry class
                        PID:1880
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNDUuNDkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Qzg3QjMyRTQtMEU3Mi00ODAzLUI3M0EtOEYzMzJBRjZGMDYwfSIgdXNlcmlkPSJ7NkVEODFDNDktQThBMi00QzRELTgxNUYtMUI4OUFERDhDMTA3fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RTRFNzk5OTEtQTRCRi00MjRBLTk2MDAtMEI1RjE2RURGMzQwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDUuNDkiIG5leHR2ZXJzaW9uPSIxLjMuMTg3LjQxIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNDIiIGluc3RhbGxkYXRldGltZT0iMTcxNTE5NTMwMyIgY29ob3J0PSJycmZAMC41NSI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE1MjkyNDgxMDUiLz48L2FwcD48L3JlcXVlc3Q-
                      4⤵
                      • Executes dropped EXE
                      • Checks system information in the registry
                      PID:5660
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNDUuNDkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNDUuNDkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Qzg3QjMyRTQtMEU3Mi00ODAzLUI3M0EtOEYzMzJBRjZGMDYwfSIgdXNlcmlkPSJ7NkVEODFDNDktQThBMi00QzRELTgxNUYtMUI4OUFERDhDMTA3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFQ0M0QkQzMC1FMTE0LTQxNDAtQkFCMi1FM0M2NEE1MTI3Qzd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDUuNDkiIG5leHR2ZXJzaW9uPSIxLjMuMTg3LjQxIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldiIgaW5zdGFsbGFnZT0iNDIiIGNvaG9ydD0icnJmQDAuNTUiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80YWQ5Y2I2ZS04MjQ1LTRlNDctYjI5OC0xZmY0YjA0MjU2ZTE_UDE9MTcxOTUwMjkwOSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1iY2UlMmZ3ZWc1YkppbmxYWmdTaGolMmJHdXlWYXp2OUI3ZkMxWFlGVDcxV3U0eUNSZFZIalc1b3lKN0NldWY0RUMlMmJmc0JxOTclMmZ2b295dThGMnB3UlZNNkZ3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBkb3dubG9hZGVkPSIxNjM0Mzc2IiB0b3RhbD0iMTYzNDM3NiIgZG93bmxvYWRfdGltZV9tcz0iNTE2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxwaW5nIHI9IjQzIiByZD0iNjMzNyIgcGluZ19mcmVzaG5lc3M9InswMDlDRTQ1Mi1FQzdBLTQzMEQtOEU1OS1DQ0UwRDIxNjZGMkN9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjEyNC4wLjI0NzguODAiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0MiI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSI0MyIgYWQ9Ii0xIiByZD0iNjMzNyIgcGluZ19mcmVzaG5lc3M9InswODFEQTIzQS00OTgzLTRBRTktOEI2Ni05QzNGREFFQzAyNjN9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNi4wLjI1OTIuNjEiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjM3NyI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7NzlGNkE1QTMtMzg1Ny00QThGLThENkUtRjg2MkFDQzU4MkE4fSIvPjwvYXBwPjwvcmVxdWVzdD4
                  2⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Checks system information in the registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:648
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                1⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:1996
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                1⤵
                • Executes dropped EXE
                • Checks system information in the registry
                • Drops file in Program Files directory
                • Modifies data under HKEY_USERS
                PID:1924
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNDUuNDkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjU5MzhBQjItOUQzRC00OTc0LTlEN0QtOUJBRkI4MDJDODlGfSIgdXNlcmlkPSJ7NkVEODFDNDktQThBMi00QzRELTgxNUYtMUI4OUFERDhDMTA3fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RTNFMjQ3MDQtRUY4Qi00NjU4LUFCM0ItMUMxOUVDQUZDODYzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2hWZkRqTWRGRzZGZ0tzME56NmVtcllDU2c2VFF2RFBvbW9sUmF5UVhCSzQ9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0MyIgaW5zdGFsbGRhdGV0aW1lPSIxNzE1MTcxMjQwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNTk2NDM3NTI3NDg1MjAxIiBmaXJzdF9mcmVfc2Vlbl90aW1lPSIxMzM1OTY0NTg1Mjk4MDE4NjQiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMzExMTg5IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDUyMTEyMzMxNCIvPjwvYXBwPjwvcmVxdWVzdD4
                  2⤵
                  • Executes dropped EXE
                  • Checks system information in the registry
                  PID:2008
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A60303E3-0E4C-4697-98F5-AB9323935965}\BGAUpdate.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A60303E3-0E4C-4697-98F5-AB9323935965}\BGAUpdate.exe" --edgeupdate-client --system-level
                  2⤵
                  • Executes dropped EXE
                  • Adds Run key to start application
                  PID:1256
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNDUuNDkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjU5MzhBQjItOUQzRC00OTc0LTlEN0QtOUJBRkI4MDJDODlGfSIgdXNlcmlkPSJ7NkVEODFDNDktQThBMi00QzRELTgxNUYtMUI4OUFERDhDMTA3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBRTdBNjQyOS05NEJFLTQ1NjAtQjZFQy1BNzIyRUEzRTAyODl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzQiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDUyOTI0ODI4OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NTI5NDA0Mjc5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NTc0ODczMTE1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNWYxOTU2MTItMzg0YS00OGVhLTg0MDgtYjRlZGU5ZGM1NmJiP1AxPTE3MTk1MDMyMTEmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9YnlHSWxZMnhBdEtJWDAlMmJReFBCbCUyZjhjWlZPQzBOYWFIM3Z0clFFeGV0c3VqZkZQNlZ1VThibE9mUVZtRHVQNVA5c0hFUzJPME8zRzYzUjYlMmZMJTJiVzE3USUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxNiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NTc0ODczMTE1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxOTUwMzIxMSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1ieUdJbFkyeEF0S0lYMCUyYlF4UEJsJTJmOGNaVk9DME5hYUgzdnRyUUV4ZXRzdWpmRlA2VnVVOGJsT2ZRVm1EdVA1UDlzSEVTMk8wTzNHNjNSNiUyZkwlMmJXMTdRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgZG93bmxvYWRfdGltZV9tcz0iNDI2NSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NTc0ODczMTE1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQ1ODA4MTA3NjgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDU4NDI0ODEzNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjI4MSIgZG93bmxvYWRfdGltZV9tcz0iNDUxNSIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzQ0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                  2⤵
                  • Executes dropped EXE
                  • Checks system information in the registry
                  PID:1456
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                1⤵
                • Executes dropped EXE
                • Checks system information in the registry
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:4084
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\MicrosoftEdge_X64_126.0.2592.61.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\MicrosoftEdge_X64_126.0.2592.61.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                  2⤵
                  • Executes dropped EXE
                  PID:3680
                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe
                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\MicrosoftEdge_X64_126.0.2592.61.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                    3⤵
                    • Boot or Logon Autostart Execution: Active Setup
                    • Executes dropped EXE
                    • Installs/modifies Browser Helper Object
                    • Drops file in Program Files directory
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    • System policy modification
                    PID:5456
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.62 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.61 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6d2ffaa40,0x7ff6d2ffaa4c,0x7ff6d2ffaa58
                      4⤵
                      • Executes dropped EXE
                      • Drops file in Program Files directory
                      PID:4292
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                      4⤵
                      • Executes dropped EXE
                      • Drops file in System32 directory
                      PID:3160
                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe
                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.62 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.61 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6d2ffaa40,0x7ff6d2ffaa4c,0x7ff6d2ffaa58
                        5⤵
                        • Executes dropped EXE
                        PID:4508
                    • C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.61\Installer\setup.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.61\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                      4⤵
                      • Executes dropped EXE
                      • Drops file in Program Files directory
                      PID:3220
                      • C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.61\Installer\setup.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.61\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.62 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.61\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.61 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7dfe3aa40,0x7ff7dfe3aa4c,0x7ff7dfe3aa58
                        5⤵
                        • Executes dropped EXE
                        PID:3760
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNDUuNDkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTBDRTMyQTYtMUNDOS00OEFFLUIwOUUtQkJCQ0NBRjlCRDlFfSIgdXNlcmlkPSJ7NkVEODFDNDktQThBMi00QzRELTgxNUYtMUI4OUFERDhDMTA3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBMTFCNEY5Mi1CMjQ0LTQ3MTktOEQ5OS01NzRDNERERkExRjZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4Ny40MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iNDIiIGNvaG9ydD0icnJmQDAuNTUiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjYzODAiIHBpbmdfZnJlc2huZXNzPSJ7OTdBMzQyM0YtNkJGMy00NUIzLUIwMEQtRDIyNUNBNzMyRUJCfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMjQuMC4yNDc4LjgwIiBuZXh0dmVyc2lvbj0iMTI2LjAuMjU5Mi42MSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSI0MiIgb29iZV9pbnN0YWxsX3RpbWU9IjE4NDQ2NzQ0MDczNzA5NTUxNjA2IiB1cGRhdGVfY291bnQ9IjEiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTY0NTg1NTE4NTc3MDAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0OTE5NTYwNTQ3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0OTE5NzE2OTA0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0OTQ1ODEwNTgzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0OTU4Nzc5NDM2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTMwOTI0ODM1MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjMxMyIgZG93bmxvYWRlZD0iMTcyOTA3NDgwIiB0b3RhbD0iMTcyOTA3NDgwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90aW1lX21zPSIzNTA0NyIvPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjYzODAiIHBpbmdfZnJlc2huZXNzPSJ7RTUyMTNBRTAtQUMyQy00MUZELUJCMkQtRDBDMkNCNDg0ODZBfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjYuMC4yNTkyLjYxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2Mzc3IiBjb2hvcnQ9InJyZkAwLjg0IiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNjMzNzE0NTE2NDkyNTIwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjYzODAiIHBpbmdfZnJlc2huZXNzPSJ7RUY1QTEyNDAtMDk3My00MEVCLUJDOUYtNUZGQkQ0N0UxOTI0fSIvPjwvYXBwPjwvcmVxdWVzdD4
                  2⤵
                  • Checks system information in the registry
                  PID:756

              Network

              MITRE ATT&CK Enterprise v15

              Reconnaissance

              Resource Development

              Initial Access

              Execution

              System Services

              2
              T1569

              Service Execution

              2
              T1569.002

              Persistence

              Boot or Logon Autostart Execution

              2
              T1547

              Active Setup

              1
              T1547.014

              Registry Run Keys / Startup Folder

              1
              T1547.001

              Browser Extensions

              1
              T1176

              Create or Modify System Process

              2
              T1543

              Windows Service

              2
              T1543.003

              Event Triggered Execution

              2
              T1546

              Component Object Model Hijacking

              1
              T1546.015

              Image File Execution Options Injection

              1
              T1546.012

              Privilege Escalation

              Boot or Logon Autostart Execution

              2
              T1547

              Active Setup

              1
              T1547.014

              Registry Run Keys / Startup Folder

              1
              T1547.001

              Create or Modify System Process

              2
              T1543

              Windows Service

              2
              T1543.003

              Event Triggered Execution

              2
              T1546

              Component Object Model Hijacking

              1
              T1546.015

              Image File Execution Options Injection

              1
              T1546.012

              Defense Evasion

              File and Directory Permissions Modification

              1
              T1222

              Impair Defenses

              1
              T1562

              Modify Registry

              5
              T1112

              Credential Access

              Discovery

              Query Registry

              5
              T1012

              System Information Discovery

              5
              T1082

              Lateral Movement

              Collection

              Command and Control

              Exfiltration

              Impact

              Service Stop

              1
              T1489

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.61\Installer\setup.exe
                Filesize

                6.5MB

                MD5

                f9e45fe262a291c37f52e1baf1cbb75c

                SHA1

                2c3a47de71610e3ad80e34fa7d0af9690d56d8ea

                SHA256

                76974a5e0e00af7c5d759a30b04ec614e819a4fcbe418fb1312b0426b87d0b26

                SHA512

                a7ea36dc3c2322f5bdc97ed4c2cf4d1a6d8261f80ad774155e557127b0b3491aa6fa9bab14bc2f65d483bb9a3680ff0c8f8920b0920b3058e0aa5f992b22f94c

                Download Submit

              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
                Filesize

                17.2MB

                MD5

                3f208f4e0dacb8661d7659d2a030f36e

                SHA1

                07fe69fd12637b63f6ae44e60fdf80e5e3e933ff

                SHA256

                d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b

                SHA512

                6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

                Download Submit

              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
                Filesize

                1.6MB

                MD5

                a9ad77a4111f44c157a1a37bb29fd2b9

                SHA1

                f1348bcbc950532ac2b48b18acd91533f3ac0be2

                SHA256

                200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889

                SHA512

                68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898

                Download Submit

              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0ACF566A-AD05-4CA4-AE9B-964895410ABC}\EDGEMITMP_B896C.tmp\SETUP.EX_
                Filesize

                2.6MB

                MD5

                ee18b680b1f0ee5dfbb02ff022df7594

                SHA1

                7a07366bd7eae804cf0c88ae9ad69cb5e9601213

                SHA256

                da4c9db214517f8efbb3630be9b4eb6487a39eacedda40018ff01f5a221f19f8

                SHA512

                46e74c99eada1ea40c024dabf1bcbb5e1baec85ea96cc4c93a32b6c2cd83730b0353af469f2b0e098e72f48dd774363261758bfd1276b354d60eb5fd9432f509

                Download Submit

              • C:\Program Files (x86)\Microsoft\Temp\EUDD48.tmp\MicrosoftEdgeUpdate.exe
                Filesize

                209KB

                MD5

                d7d541bd3dd228ad24dadfc4089b0704

                SHA1

                3fe7399267cf9bce649922d8ea0be9a5ffa77f67

                SHA256

                cedade653a1e8d68809199c87a65a7a69fb360f67177262e651253cf0316b842

                SHA512

                aca02d3bc55b7301257c56232b899145ad3266c210997d9eae664a0c6b6796e646a93db012e0a1b0d446cd64c55f916ab6f9a822b7b6b5faabfb75e3b5e3f011

                Download Submit

              • C:\Program Files (x86)\Microsoft\Temp\EUDD48.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                Filesize

                203KB

                MD5

                d51ad58ff2e702fcf54e5580c3d5195b

                SHA1

                cf65da922713ee8507fd7976ebf4786b83d194c4

                SHA256

                e14aa9b45f08b41fa555568396b38c3cef3827ce46c95ac1c34b34fb65cb20a9

                SHA512

                c9d40c6c22a9115162b34b24fe24f8da5c263b634067ace2822e6cc3206c01a546ed1df3dde09e31cdd86d0b175dddf696e9a5fea63987175c187428056f9e3d

                Download Submit

              • C:\Program Files (x86)\Microsoft\Temp\EUDD48.tmp\MicrosoftEdgeUpdateCore.exe
                Filesize

                237KB

                MD5

                b6e0a6427151dfaeca0fc7d84b6e9523

                SHA1

                a03f31f6a8e0fc7f386993a8e8082c383b41a438

                SHA256

                f70cddb720fb4e482704693af2fb2cd862c8ca324a13cb009d8ed30c95184f23

                SHA512

                6a4c673c12a7b8970a6920b4d832fb42680f2b277a832f28f2c41d57821cf7e8a46f562ec6783b81b7eff71365af0f713230a454793396518578c5536d124c29

                Download Submit

              • C:\Program Files (x86)\Microsoft\Temp\EUDD48.tmp\msedgeupdate.dll
                Filesize

                2.5MB

                MD5

                0c9199555050145619d3adb0b9c86d90

                SHA1

                e290a258869bb45a52c3cec13cfe042c6cd411f7

                SHA256

                eaca58832f1c5d40db402d8165997893be10c42f86b372ab253c66cdacef1cf7

                SHA512

                ca71932635875224d1cf439294065db925d1c46609b529b589e1ee874f24f2a838a366fc083e42444f8e1ff0eba6ae0c8db6e43ced9eb6c15897d2308d8b2bd1

                Download Submit

              • C:\Program Files (x86)\Microsoft\Temp\EUDD48.tmp\msedgeupdateres_en.dll
                Filesize

                26KB

                MD5

                cb78d1e912542bc2299cece8348c9f52

                SHA1

                70f35b8fc2ee00e8f47b67e8b3b8cc018cd4e29d

                SHA256

                9b432eb71b7b94dbe7e9890ad112f1570a74221eb766d5b40c105daa03697b8c

                SHA512

                fb58db15d3a258a85a3e93a8cc752ccc3d42655f9ab7d9730afa1ac2a301555f37f5a15daf10933d32b2c8e566acafa2a267ffc7103814e7fe924733c54ce9d6

                Download Submit

              • C:\Program Files\Red Giant\Services\msvcr110.dll
                Filesize

                829KB

                MD5

                7c3b449f661d99a9b1033a14033d2987

                SHA1

                6c8c572e736bc53d1b5a608d3d9f697b1bb261da

                SHA256

                ae996edb9b050677c4f82d56092efdc75f0addc97a14e2c46753e2db3f6bd732

                SHA512

                a58783f50176e97284861860628cc930a613168be70411fabafbe6970dcccb8698a6d033cfc94edf415093e51f3d6a4b1ee0f38cc81254bdccb7edfa2e4db4f8

                Download Submit

              • C:\Program Files\chrome_Unpacker_BeginUnzipping1424_1025324396\manifest.json
                Filesize

                76B

                MD5

                ba25fcf816a017558d3434583e9746b8

                SHA1

                be05c87f7adf6b21273a4e94b3592618b6a4a624

                SHA256

                0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

                SHA512

                3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

                Download Submit

              • C:\Program Files\chrome_Unpacker_BeginUnzipping1424_2080989199\manifest.fingerprint
                Filesize

                66B

                MD5

                0c9218609241dbaa26eba66d5aaf08ab

                SHA1

                31f1437c07241e5f075268212c11a566ceb514ec

                SHA256

                52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b

                SHA512

                5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f

                Download Submit

              • C:\Program Files\chrome_Unpacker_BeginUnzipping1424_2080989199\manifest.json
                Filesize

                134B

                MD5

                58d3ca1189df439d0538a75912496bcf

                SHA1

                99af5b6a006a6929cc08744d1b54e3623fec2f36

                SHA256

                a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

                SHA512

                afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

                Download Submit

              • C:\ProgramData\Maxon\.service\analytics.db
                Filesize

                24KB

                MD5

                10edea4ee1040c44abc59b9dcf380da1

                SHA1

                00db6a4f5867b0095b47db27f29f473d3d2e15df

                SHA256

                371a851127cbc51c47722088dc40fe41014f9a32986d8bbe2b4f1a80fadcc450

                SHA512

                fcc780922882d611bcbb282e3471ba23baccbbe6a3963960df9ea803879bd0d94b73c2808c8f99aa200ee7f5ad497f48a2f8c46b3714946fa770a98c03f13b6d

                Download Submit

              • C:\ProgramData\Maxon\App Manager\Documentation\Acknowledgements\Acknowledgements.txt
                Filesize

                25KB

                MD5

                5bb76b62151333328f4002471f9398fc

                SHA1

                bb34c4b834637c21d003ae5a7db2c0fd9350c499

                SHA256

                b17849ae3cdd873980d244f2d24cef476723447ccfb3c86af5cf05feb6b37c49

                SHA512

                0ceb06ca64af35882db4001ce82087efde313828af6d0849e7bb331ca35ab540b6531bfd923c1cd4c14768c228b7c6a09df6695126c245208e2ccaa4d7466a8d

                Download Submit

              • C:\ProgramData\Maxon\Logs\maxon-service.log
                Filesize

                2KB

                MD5

                b283a4de2d3c556b3618eb79c90fa2f8

                SHA1

                9412dbc55f2e1126f4baddd6ca071027bccefdac

                SHA256

                0f1a83ae4c1dc455b8826b0fd2c1d163a16ac9777a46ef92ae805a59ffbf6a6b

                SHA512

                f62daffd19905b9fe823b356ce0142ff936955ea81d66ce5d4c07666122b090e87d601e6342fa4995c98e58b3dd766183dbd25b07acd8568d5d6c8b193861768

                Download Submit

              • C:\ProgramData\Maxon\Logs\maxon-service.log
                Filesize

                3KB

                MD5

                8269206e526ad4641fd56d61207f5fb0

                SHA1

                cf9c0315ab12da16095268d41df3624bdd4c3c71

                SHA256

                cef7da7a49af8a3e4fc1f74ac9506e300ab535d94a5215fc4399874072c1c2f9

                SHA512

                42bac8fedc68c0b4562f57e15cb823c7211c0511424b9e1d32bc5e343633041b5cbd776a6ea7c3fd31d6cf92d4d63c2e7670bce9fb07ae4213a3d25b8108fc36

                Download Submit

              • C:\ProgramData\Maxon\Service\logging.config
                Filesize

                591B

                MD5

                c3a4abf0c560ee2cd2bb10c842d1d0a3

                SHA1

                0dddb52041664986885a70afd0a5be3eacebfead

                SHA256

                8295adc7f4ba17385a1dc77be707a8d70ed2a1e090cc6369199a48d318aa1123

                SHA512

                28c2622ba0d0a0bb269df5a1d016380eb201ba91060b06b9a0bd0326f31392e2e39f2f76f54dc544bed5a58290ae3cbdc31e901a8453d94b32c9b3fb133cbfd3

                Download Submit

              • C:\ProgramData\Maxon\Service\net.maxon.service.floating.cfg
                Filesize

                118B

                MD5

                7382df3436e28823e7705418f7f9fef3

                SHA1

                e241409ea6b1cc4e6fa0a4e61d19f07792d992f5

                SHA256

                71c8e273d1cc4de2d7bff87d6fe13f77e4071afcfa5972acab0d501d7348c5e8

                SHA512

                59b7435e97eca653295d361636e4e58f989717560063cfd9d065bf78bbdd051b539c21dee3c027966748ffb1fe6771eb932a5a9453886b5867156e9ee626bdbe

                Download Submit

              • C:\ProgramData\Maxon\Service\preferences\client.prefs
                Filesize

                384B

                MD5

                c949262e59029c6c1da9407e9d2ba473

                SHA1

                4e34b98b9d6b3730420eff38d2d7b2bf08f1838a

                SHA256

                4bc0955c25432ada9f350f3746934f81519e3c8bdfc5432ca297f30e44b0348f

                SHA512

                f9208ab3f7c18e11c433d7df8c92fc0d597e5af4d74a1bcc5c95ed47a3f8c3f56c8e1e76885231d705a10ead0a086c1d9d1d33c4b195c3e3becbab45eb0c15e7

                Download Submit

              • C:\ProgramData\Maxon\Service\preferences\client.prefs_save
                Filesize

                148B

                MD5

                d509b622851c509adaa88a5e6dfb0e24

                SHA1

                1e674f172d253f1e70651ab934f94a84533ba3be

                SHA256

                e83162cbbead45ff9fa871a76c8d10ddbafa230746ae23e0666d9693cec09b57

                SHA512

                430ae775ec9549302f822bb59e002d350c1da09ca8e0ca52fdd5719be76f3764f3296477651e08d03278abd2a5a8bf9746290983fe8c929b8814a800b2cb4d4d

                Download Submit

              • C:\ProgramData\Maxon\Service\preferences\dialog.prefs_save
                Filesize

                70B

                MD5

                df43f42739fa48dfee1072cbd43cce38

                SHA1

                4d4b57b61d13b23c5c7d0deba10144c398eda28b

                SHA256

                baddf5451e44d85bf81e190d55c8e400d27bf1d7f04fff73ef9b8e32b513987e

                SHA512

                586233d551f2d62cfd691e0c5baa7d7749a5c718a54d821f6fd97097399d892db2f0f81b185b838bfed0fc4792f6b65fccc8e2c4290bd808b22be48acbb322d5

                Download Submit

              • C:\ProgramData\Maxon\Service\preferences\last_paths.prefs_save
                Filesize

                67B

                MD5

                2377e68d0f1ca2a07c0664618c9768d5

                SHA1

                d27e9704b6960d70f9a7aa85c178345201e4e9ef

                SHA256

                655181fbaae52a419f0700e04e8e7c1e3ce0a3c63c6245c965b72b575aa2cfa5

                SHA512

                fb59a3dd99e5b85b0662e95a3dfdaf0a1d293cc65c3fa56b778e85bba5aeb21b8f7ae544069c271c218c1fcc57044c20eb77e76cefd52e285135809fe35f418e

                Download Submit

              • C:\ProgramData\Maxon\Service\preferences\session.prefs_save
                Filesize

                158B

                MD5

                de0caa208052c910098e7618f1378eb3

                SHA1

                154b7b6be2906637985a73ad2f6d8a9e626e4b25

                SHA256

                499b23e780391860c7e73bc993e4ba299c2f68d4ae9f1ac5a5a9f3214fb824f2

                SHA512

                51a313f00bad9b1dd87c8aff6e9d6e0aac6672ee4856e403c1af0109043a78b0de5efc6cdb2257ba7b9e34dddabed6bfad48bd8ad5d7b6c8ad85b869bc1cbad5

                Download Submit

              • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                Filesize

                191KB

                MD5

                82a59832291b455d62a5791f3e4de513

                SHA1

                9916c5d66aacad7377c29846aaff2a17e02bc280

                SHA256

                ffbc169a6c02454f23e572a73bb7ef3189647c1e28e3d7f7b14b2ad3a19376ab

                SHA512

                ece19cad714872b34965e05d8c90de878fb6c5f061b1842d45c8ccaef6b3d4f46f57624715d9ce1a8d9386e533e9d31b33a6a9146ad4e1a67e535d58eaa61469

                Download Submit

              • C:\ProgramData\Red Giant\Logs\Maxon App Installer.log
                Filesize

                7KB

                MD5

                1ca17cda9639526423f3b18714b5f9fa

                SHA1

                17d9660045bb7740f40c1224feb579bb31a503e2

                SHA256

                768c32c80f64926efd6638db719b0ca464a8707b0a52695143a3f0d90bf4bd90

                SHA512

                4741e2ba94786efefcf75be734aff43ea7d0224309c1ae4a586ed08b97d0d84e6362eb12dd7088bd951bce08b8b62d5a85954db066c148b2edfbbd4c4f5f8eda

                Download Submit

              • C:\ProgramData\Red Giant\uninstall\uninstall-net.maxon.app-manager_v2024.0.0.bat
                Filesize

                884B

                MD5

                61556c5b8e45f33bfaa3e64cfa114e89

                SHA1

                3941d8359aa83704a2603afc02fe0bb692c88beb

                SHA256

                a7d9241bea63864d171b253a0429c4a27b297c40fe84fc1eed6ae6331d2179fc

                SHA512

                0380979a3558dcdbfffe622c726698809a11e46ad9313141c0a4a5c09256854164f240709001133824fe668755efd323a11b78a4d80e5393155e2b8127f3ebb3

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
                Filesize

                3KB

                MD5

                6bbb18bb210b0af189f5d76a65f7ad80

                SHA1

                87b804075e78af64293611a637504273fadfe718

                SHA256

                01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

                SHA512

                4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Crashpad\settings.dat
                Filesize

                280B

                MD5

                7ec3287729ac2c51d6d3650cfcc67a8c

                SHA1

                bd4bddd43ed4e45de3842a30924c186d3d134db4

                SHA256

                1a7d5c10cc157b3d88fce0ddd3ed3822cd334911f56fe82bfb7aacfae2527bee

                SHA512

                0b726bdb14bdfc16e4d82c53d197bc43c5932e04970ea0d013c518203456387f4fa63eda29db578ecce2b4ba3d0766b093d1fa343f7fd917b054925a0c213fd0

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Default\6d252f2c-20d2-4848-b839-7af9a7452a99.tmp
                Filesize

                6KB

                MD5

                7c7614f1108c8bb7f12a21485665906b

                SHA1

                f0b33d8a1a2bb63f470ad1b88bbe227e5991aa95

                SHA256

                f21c608cffcf9b7e31ea45fa64346624716ceb0c9c6bbdf183c13ab1114266dd

                SHA512

                5a40fe8f017ef10df1840df9ca8d7ee4f546186a9578ea2da519b7079d144773a76b92e5409f1fba4b2a306f111782aa8b3cf721fb2578e933eb32d59dcf76e0

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                Filesize

                168B

                MD5

                26b608d6091489877cdd36a555eeab2a

                SHA1

                e6c8bb0d0b940a3749035f0262aae3f98d2a37c8

                SHA256

                79af5b6fccfce2c98cfd516ff7e2e1ed5d84e8744e03ee7bdf67224ebc3ef487

                SHA512

                a943c35459e201b446d1722623ca222b0dd24a0f87b895522b5b4ef0b6c14f4aadef8bfd8095f8215d6c2d4c86bcbf3d312368f8b8dd479d3b57bb43bafd5a81

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5e9141.TMP
                Filesize

                48B

                MD5

                3d7478f6027f0963604a6676f10dcad8

                SHA1

                b4c7f4b2413390e8282da0c05a2aae1c24972c07

                SHA256

                473cbaf8c420b219dac83d92bd994c931c4f332b2ed268ee03a892940804b576

                SHA512

                eb11abd443747bc0084da8a79cfe0aecf28c7785425945e071926dbcf34cb7d19edd6d536c18da4fe8a2f333d13a175f447b654dfb4e3503faba7ccc47028e2b

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Default\Extension Rules\CURRENT
                Filesize

                16B

                MD5

                46295cac801e5d4857d09837238a6394

                SHA1

                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                SHA256

                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                SHA512

                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Default\Network\Network Persistent State
                Filesize

                111B

                MD5

                285252a2f6327d41eab203dc2f402c67

                SHA1

                acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                SHA256

                5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                SHA512

                11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Default\Network\Network Persistent State~RFe5f44f1.TMP
                Filesize

                59B

                MD5

                2800881c775077e1c4b6e06bf4676de4

                SHA1

                2873631068c8b3b9495638c865915be822442c8b

                SHA256

                226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                SHA512

                e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Default\Network\SCT Auditing Pending Reports
                Filesize

                2B

                MD5

                d751713988987e9331980363e24189ce

                SHA1

                97d170e1550eee4afc0af065b78cda302a97674c

                SHA256

                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                SHA512

                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Default\Preferences
                Filesize

                6KB

                MD5

                257ac7e717f620a0de1262482eea5daa

                SHA1

                10b019a6761d5171d07e45eb70b5e47cbbd62e23

                SHA256

                571c180d999e45eafae0cf26e0938cf0df925d907a7b3f3f9c30091059fcea7c

                SHA512

                469ad945c5a88ac5b82a6d6f4ae9698af435ef9456b0bd7b0355483ab7aafb48d2e9795e90ccd2591d980d1d3835b067dc85a6dd95224addb3d2d314a885fa9b

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Default\Site Characteristics Database\MANIFEST-000001
                Filesize

                41B

                MD5

                5af87dfd673ba2115e2fcf5cfdb727ab

                SHA1

                d5b5bbf396dc291274584ef71f444f420b6056f1

                SHA256

                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                SHA512

                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\GrShaderCache\data_0
                Filesize

                8KB

                MD5

                cf89d16bb9107c631daabf0c0ee58efb

                SHA1

                3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                SHA256

                d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                SHA512

                8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\GrShaderCache\data_2
                Filesize

                8KB

                MD5

                0962291d6d367570bee5454721c17e11

                SHA1

                59d10a893ef321a706a9255176761366115bedcb

                SHA256

                ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                SHA512

                f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\GrShaderCache\data_3
                Filesize

                8KB

                MD5

                41876349cb12d6db992f1309f22df3f0

                SHA1

                5cf26b3420fc0302cd0a71e8d029739b8765be27

                SHA256

                e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                SHA512

                e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\GraphiteDawnCache\data_1
                Filesize

                264KB

                MD5

                d0d388f3865d0523e451d6ba0be34cc4

                SHA1

                8571c6a52aacc2747c048e3419e5657b74612995

                SHA256

                902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                SHA512

                376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Local State
                Filesize

                1KB

                MD5

                f08e7be8ab2dcd03e717b925bf72adb7

                SHA1

                7a24209d3d8e86f372bffefc869e0d5887eb5978

                SHA256

                4758c1ce1bc3864446429a718380a40465bfb6440e9a9c1672899ea9c93a405d

                SHA512

                804ae476fcf20343a46e59e777b6f3cf3ad5f583d92e51374a2764a92e8c3f527554b2b5980a47a0fb9423d05c1d42f3e0b303db6c52b9f87feeadb4ef18a0d0

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Local State
                Filesize

                2KB

                MD5

                12408f3decf92310295de2aa5273e5f3

                SHA1

                8b08f5591645e33523459594837f0e4ac8801e8e

                SHA256

                58c8c4a22620bbb822d7588c00641dcf41a5b5e8e07b64dbb67932cef5a06266

                SHA512

                a5e62f43eef619643d61ec7f53aa5191f980e4637f6afa7f217f2588d077cce091ef54e76e1ca733de8b6dc4c0b6be54a40370f265cbc75239bde16b56569584

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Local State
                Filesize

                3KB

                MD5

                96de377595b751a97e99ecfadc348928

                SHA1

                44d036bcee5233fdef5de3bbc5a3dbdb6668b4cd

                SHA256

                a8310229f6e69dfc623b5b482de3c271e940a2a3f420b7e9ed0fdc050718862d

                SHA512

                2f825e12ee17d1dfee0eea9d40db08c046adbe1877e47b86e74f02b21b7854911633a9be0e9b24a619aa23a646374f67a468e094a99441f53c394946fa0e2a90

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Local State
                Filesize

                17KB

                MD5

                641f066357b44b7566ab6ffdef357065

                SHA1

                1b63ac08bebcffc321de2e62e775717235a5080f

                SHA256

                aa887b95787420a6ce9c02bc4069abcfa5adf9c2e0e8169977d8dc8684c9880f

                SHA512

                a65e1dbc7da638855fe356a29840aed1823f2293d766300122ff25c8ddc2ea7779c71677d9cf04456e97902ae295c1436bcdc4c87c193a3a21817af48ed0d8a1

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Local State
                Filesize

                18KB

                MD5

                d7cd4aa8d7a78b228be01324d9b971b5

                SHA1

                5c2ba8140a1f18d9f89fdee3322f9f7562db069a

                SHA256

                ded61407ef1ec287532acbccae0d2f3bc80f9e75ce174cb8b71a96340207cbf2

                SHA512

                12ca468b75a238b54e549dfdd99b65ce8a1982ba00c6a33993ebf0ed2a800ceb1a91bfe95628feb26ff9269a9c38054c7065f9f7dc24f73f58ac221cebf84b6e

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Local State
                Filesize

                16KB

                MD5

                101b191bc270e0ee50583e07eba16062

                SHA1

                680494e89b23bbfe11ba8a281aa113447d0989ca

                SHA256

                46e4ff9630f64d2eec86816850369d4373ee0b7e44c8a3b6a2843d221eaac563

                SHA512

                7a45f6ce4d76fc2f75d99c118c451ead7561e8b538dff23fa1f173046f0a793d7ba87a3fb4827ae8c5b53f88b781a334e4c850da6c135801661d2c23845111f4

                Download Submit

              • C:\Users\Admin\AppData\Local\MaxonApp\UserData\EBWebView\Local State~RFe5e1e25.TMP
                Filesize

                1KB

                MD5

                4e4824775fd8bf38edcbd0e2dce273b1

                SHA1

                1742fe35a150c329d815a8b2c6d79d9afc824d47

                SHA256

                faf9392d70afef13940da63d4cffcc0e46ad9cadf37b76439913ce20a1ae5720

                SHA512

                34bd01685d4c038f2a560d36a2fe31ccb054fdc66c15e447b604f4f7c3770f1eae0b739a9bc9df7ab11eada7dcc3e934d2c2e3f1c366f3e8bfb3b6ee511f5b71

                Download Submit

              • C:\Users\Admin\AppData\Local\Red Giant\Analytics\EventTransferAEGP\global.cfg
                Filesize

                536B

                MD5

                395d7b68a23ad8da1c7ea9494b3aa10d

                SHA1

                899c137b05eb22291ffb73a8a7e0f3119ca5cb6c

                SHA256

                4f326db7ba4fd3e8ff63d6221940c82154bfa5b797b5780f7f6277354a531098

                SHA512

                eccc010d2fba7b48f48de8dd92f397d5a6aea450b8e8ccf46afc199e9f93afff5dc6aaac4f18ad12abba8a9ac2b0b05d689dcab0c9d3599fed66a14d5f3c034b

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\Maxon App Installer.exe
                Filesize

                2.7MB

                MD5

                3f2bd91f5599fc8fd1cde587a04043a1

                SHA1

                aadf112495df0f4943df7ff068eaa2c6d851cea9

                SHA256

                93b519d27ce74f48279c5a79e5854bc5b715bcb2da878fe84e2ac781e657faf4

                SHA512

                4353e462e5baa9a6e541df38e6d71976e71a1ec9d5def67b94d8f00a1436894bbcec146a0a065f81ef54f0c7159695049e52780e6a6856e4df71c50e452c85cc

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\packages\com.redgiant.app.zip
                Filesize

                7.6MB

                MD5

                eb7b62227fe7e580f45d8053482e03e0

                SHA1

                29108a3661e9d60d216b201f6015efb2faa06a06

                SHA256

                b8d5a92404144fd6a7cdc23dd8a43763a4d99101906daa1fd582d4047e6d4e0c

                SHA512

                dbc9896522f2ba976f5d35a82e4b146dc52c6c97dafc6cf2e9e54caaa808db0fc5604ebff849b69e906327b0790e1ac3d2cffa039e9a27f8076ee417ea051c61

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\packages\com.redgiant.rguninstaller.zip
                Filesize

                308KB

                MD5

                e4140afe17992f0ea15af49ce4d66ab4

                SHA1

                44f779594d6b14c44402b90369d269a95d7caead

                SHA256

                a790b38e30d6a95f90ee128123ac456d1e983992af468bb1bbbe448f15e73e97

                SHA512

                71bfa6b480cd5733b9c78d4372c8e5aa30caf9e6beac840396dcc8b4ad8874159570cef6703e56380dfd43344c98c19ef1e5b25d00a98aade72a83185dfa947f

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\packages\com.redgiant.service.zip
                Filesize

                5.8MB

                MD5

                9106431ef779b6a7535bb6d7ffbed648

                SHA1

                30676650227027c8660f449af17914e206e23991

                SHA256

                9feac96364f1f620c9354a533a54f8b76852c3e2c40f14e3f1cd9806bb599462

                SHA512

                004692f533e7b81647b110fbef968e092108dccf0a31a14d449de3c648e782bc61808f5dc6d984f7db712d73d7f85b6d605859dfe19a5a0569557d98451f8293

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\packages\com.redgiant.vcredist-x64-2012.zip
                Filesize

                6.7MB

                MD5

                aeb14989912373ca03240f5a602698d3

                SHA1

                8a38a68263ad15b94e6c51bb2b6a6b395a7ea53c

                SHA256

                e731ced39949bea3631b4d765248051190f52140d1e9dcf50c3265406d71969d

                SHA512

                20bdd9add6fbc73e6b720d9f277862431d4d44e2a1d4b593e75ceb4d2294a7585ff846612ffccda0e9e49c6ee36f57979a79dcc348994c9c65f21f6e30872a7c

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\packages\com.redgiant.vcredist-x64-2019.zip
                Filesize

                14.0MB

                MD5

                fc8bb9bd7715fe146a04c058a72f3958

                SHA1

                7b770f0e63b86a67dd5cc78c3e9903b403cd18e4

                SHA256

                be75aec2f9bcadd75be44aa89069427f51fe2ddeb0374db6818fbb332fc65275

                SHA512

                628de889d581625ad76b9c545715615736f1f0e7e9ac6910d7e0c2d8fa5b979469ba8dee72248d1dcf02fda4a5565631d2863752066a21c9bc5ddd10b9aebf4a

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\packages\net.maxon.app.json
                Filesize

                354B

                MD5

                7a2a04830f74027c386c971c5bfe5bd1

                SHA1

                190d98f779d0cfa398e8fbb4e2b8f508da339553

                SHA256

                0d67cee1656cdf3789f4aae55f5a83b1acbb60c6668c86dcf4d83d9665bd260f

                SHA512

                ac2656624bd206e034d87fce090ef1a0a58ff21f6f56d12f99eed3f2b136a906bff7b0a4cb429391a2f0d2268949e415793db8c0367fd7b07fee9ddd9695077f

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\packages\net.maxon.mxnotify.zip
                Filesize

                409KB

                MD5

                c0be78971c747d08c55e747296f407f1

                SHA1

                4f48e6c64cb532db1d18563298e23214eba7ea73

                SHA256

                e7c232c2dc3f2f62300adcd008ddf3936d155624bd2795d03a9adfd8aa84618e

                SHA512

                b55bf05bf9bba41b01cda4d7845a7a481dc0499f8ca8b951c7b2f3ee71bc8aceee6fcf917872a51e5dc0cadae888d3070884842cb17497189f69ae6049ba1a1e

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\packages\net.maxon.mxredirect.zip
                Filesize

                314KB

                MD5

                0b29f9c5f816c884b266079f7437fdc8

                SHA1

                581190c1a3f0b497e5d7e0a93c878e40342c947b

                SHA256

                5f60528ce0bd72496606c2f141b85998a876834fd17ad8dc039db47959913503

                SHA512

                9c71f408f42cb858771ccd5734362498903345afff103cb0512144f741b4e85b2b09586f5dfb363d02fb72356a23e8774d5d956ef8ee8b3b60acad904969add2

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\7zS89B22DF9\packages\net.maxon.neutrino.mswebview.installer.zip
                Filesize

                1.6MB

                MD5

                bd9922ec6c8389b55d8879dfb915c40f

                SHA1

                b4d77cde12d82833d5fcaa472be9293c7d05e1ef

                SHA256

                fab3b2ed7c4f6f67c1ec33a6c724e2f7e5ef2a7bc05cd9d3de50a2a1472bbb5a

                SHA512

                abc0bfe127325cf4b6093470c8450553a70bc66c03145029db7986d70e1e137904321c6b96934148a7c8f19e8e4f65acd3267a831a38c03ae80b2abd8c66f1cd

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp04d1b3c4-87a4-4b19-9c77-fd19b343d2e3\app\Maxon.exe
                Filesize

                11.3MB

                MD5

                d7c218bae5f27c25af0d19fdba2a46a1

                SHA1

                09be45a0e3be6f831079eb12fde4673ddf3bdc9a

                SHA256

                0055a91eb5df4183d97010db45f234a155ce271fc9082e15a34430808bad1e73

                SHA512

                849c7fa7bf4039e863dfe987b253c27b3937b820e82dee866c3b77f9b7225cc72a00b6f4bb197fbbdffb19c68b68124c1928665d7407233a1e101b3c98aa3577

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp04d1b3c4-87a4-4b19-9c77-fd19b343d2e3\app\rga-uninstaller-helper.exe
                Filesize

                698KB

                MD5

                f78cddf69715e25a7af7c3b9b56f244f

                SHA1

                3bb6c8d849b12118b86ea2a888aeefe82d536e4f

                SHA256

                b040716acd5f3c92ede67fe4903eff0cd62ae2905f8d4e19397cc0891da21814

                SHA512

                f12f8b162ae1622a4eb73f3d703fcd01f2996dfee68a7ca8d50bde23a8616e6531fcc2f72b0c5a260aa68d683148abd3bc94954d90336c8b05e8b96f4d2bfb5f

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp04d1b3c4-87a4-4b19-9c77-fd19b343d2e3\app\rgdeploy.exe
                Filesize

                1.8MB

                MD5

                ec519ddb892f726741ea454c36799ab3

                SHA1

                2cdf2a2777084f45ad0dec3d71a158ace2a0e9d1

                SHA256

                e95fc49a5da780fc363f6427c32b9c6d746c13b54d5fa6b567771641318fe59a

                SHA512

                e918742f4172c67f71cc1cd61aefa99f02a58b7e4fa5314b7d1f209f7ffb492c03cb864d8f6d5e48785caf83f760fe324f406d3256e259c2ec6aa7a552eebbda

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp04d1b3c4-87a4-4b19-9c77-fd19b343d2e3\app\uninstall-appmanager.bat
                Filesize

                1KB

                MD5

                fbf11c65bd839cf80fc0d2fd9b2ae19c

                SHA1

                820c5cde78199b53c85758a1de1f42e92dbb853e

                SHA256

                27dc1a433c3457ea2920f340de7662b7ea0f1fa066b0d63377d7d5fa919ceb98

                SHA512

                2d631555d01b7104539a7dd4c50fdcc9d3955fb2f57ae848e639050f990406a7148922c5129160d2d0c18e885c6e392437b845b6398b816afea51ebc7fbdd01a

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp04d1b3c4-87a4-4b19-9c77-fd19b343d2e3\translations\mxa_en-US.json
                Filesize

                29KB

                MD5

                316aa5125309f257b079f5ab87ec168f

                SHA1

                a7f9d276138c7cd8554de661216d0e275a723fc4

                SHA256

                6cc3925e156ef0ffa7e7a687f403436aacc67e86aefc9624bece8be7ec867df1

                SHA512

                8bd34ea9663f30151f81e37fdac9ea4f7f1add7a3e22f2d5484d00e6cb2a5b4914a45599ff7bd1c45a8d90e90628cfc40bead13030ff486a589d1cf8b6ad34b3

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp04d1b3c4-87a4-4b19-9c77-fd19b343d2e3\translations\mxa_ja-JP.json
                Filesize

                35KB

                MD5

                8c3d7eacd7f7bbe557f8913f900d38cf

                SHA1

                ffaf488516aff7387cd874dbf3e590d86135a6af

                SHA256

                c5bdca69feeafaecb5fa147df35ebaa91750a2b6a956d901abe4c573ecc6edc9

                SHA512

                22ce74c47e807eadca0907440f9505d9940f730146801a3545ac3fdb0ed337537e1165df392623596f4016a92d0e60f763ddf51bcd124c6f4e2fbb9740661d09

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp04d1b3c4-87a4-4b19-9c77-fd19b343d2e3\translations\mxa_zh-CN.json
                Filesize

                25KB

                MD5

                83baff8120022aeaa0b75dc8df9fde95

                SHA1

                91b63bf237c6c1982f157c0e86f53c7044e72d1b

                SHA256

                ffc196f6fed35328b982bdcd455cfbfff9eebc5e40bec9ef90aa2985323e1170

                SHA512

                4e69ebc0840951bd6392f55e395d26e28168ab2509793e12f138c488f40a55a1a33f3fef137df390e08a7124c4ff89903511bf9de6eb4821ace97eec22555ee0

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\app\Red Giant Service.exe
                Filesize

                10.8MB

                MD5

                0a5a4fd8d9e284c95dbcd40717529f44

                SHA1

                d5a73955a5fc4709d48fe441f56184e31bc2a57e

                SHA256

                d820f5a51a718a32296be7a36dabf4c42f6fcf22d16e6e2eaccccd8ad87f96b9

                SHA512

                932074a73176ddc7b9e3dff650b479ac57824e2e5116203189f5bbe650a0a6460cd94f64d517aae8bc9e5829f50fd9993f26940d7ee9343fdcac184ca689c1e2

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\app\uninstall-maxon-service.bat
                Filesize

                1KB

                MD5

                0458eaf2fc13c745121436de121e743b

                SHA1

                9787955d5f8a3f923ac621492bcac9ca178fc3d1

                SHA256

                3b0933f37b5d665b3d386bf661813b9efa6f018dfebdd9203c10c13f4c68535b

                SHA512

                441e57898fe9cb7ca9488f1f34e2c2bfd0033867cce3a666389e0ae4866cef24644cb2f7b03676b89405ee8ea6d502d5d2c51265bc153867fc222766d8ca2134

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\documentation\acknowledgements.txt
                Filesize

                56KB

                MD5

                9ab666120c65ad27426995b1af297a48

                SHA1

                5995af88672c1994efbe59f545d2aad6252df1bd

                SHA256

                eb1d0f2daa1f8e4a8f0f3c9c6fd281878e16ccf4f9d5c2bb00626281e40dc205

                SHA512

                085245871e99906630b5044044cf92b1e643eba6aba57fe3a5e64b0b156389701e95efe5e39c0e566064381a72b8b8f42d52b8c37ba9b17f7b733e4a76662b01

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\fusewindow\FuseWindow.dll
                Filesize

                259KB

                MD5

                a71e41ad46a251d27df41b0cdae0e0da

                SHA1

                04e16855c997e25acab07092487590fb44176750

                SHA256

                73fa89177adee0ad06ed89646f659914b702d4894b34ea198571f8e1ab55ec1d

                SHA512

                8cec5a0ef770c9bed13abec23bea5804ae21bc6c7fe5974719e6f1cc96c1a6fd62b9e1c46eeda2e8c49dea6743fffc5651587f25b32cca14d2e712feec43eb35

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\postflight\fuse-windows-postflight.bat
                Filesize

                819B

                MD5

                7c3cf64ccf4db3ac83e16a23e4eb3b10

                SHA1

                0ce03bb05771c8866fa32261f4e48446a4bdb33f

                SHA256

                bbb6448d5cef00e6a6a5317a5abf3fd9cae9bb6751908900baf06445bc42bd5b

                SHA512

                fec5a6001c60f8711f9c41fd6cc5dac5aba5cfc9f34d682bb43651dc5598991c51462d5c48ac900a24e12721855659ba343c2a0f1078c39470a0ed31ba8c186d

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\preflight\fuse-windows-setup-preflight.bat
                Filesize

                115B

                MD5

                5c78f14f9915a2ce2c0cd7ec5010d1ae

                SHA1

                e999de38e67515c9cd41cfdb54e216c4efc415ca

                SHA256

                c7bc0bd1d332f9018a35d95b361d3e13253aa53e3c167672c0039a4d8ce5216c

                SHA512

                04ee4d2d1e815b1fe6f8e245e77b8d7e76c9d96e18a584550b198ac50f7e361369f6b0f43d661b51dd9b8618e9e3454664a53ccef2a6c01591063332de07c5e6

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\resources\all-products-manifest.json
                Filesize

                24KB

                MD5

                f1ec9c2f98d6cafb6f2aa713cc5eb3f3

                SHA1

                f984e7d1eb09a63158871ebbe4fc336fe4be375c

                SHA256

                e43a6dd7d4c71260970bd03d54be127b1315780a8a16639ca1c5b76db6d458f7

                SHA512

                26f88b8142c8104bbe5a0db93d6537653175243d656b9bb24e9e7a32b01b6fc8713210234c347b1772c6d0e2d5ce0a4e1eef887b4be902db271c27a4291c72ff

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\resources\logging.config
                Filesize

                601B

                MD5

                e52f73d520c7751bbe46ef28ffbbf05c

                SHA1

                43f676a2e44178f0fcd618f09cbcef2071ed686e

                SHA256

                79fed1056f270b628c3ae02f569cfae28dc4e4fcef847b81435e8278a912cc71

                SHA512

                3baf34faca6814a4cc80673917660ea52ff34603d2bba0550d4bc62881e765ebbcc1969e599c1601b18f27eefdbbb37bef497e91548b6ecbfdd37ff34fc4ca0f

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\tools\SerialFiller.exe
                Filesize

                589KB

                MD5

                1604766c127c21ab3434a24a6bd21493

                SHA1

                a4dd9845a8827ee1e89a4111d73b4ea73714fb3e

                SHA256

                20e6aedbc28a142c1275e2ee4b69ab8ed3f3d51e4bb7712e0d6174cb64bdec0c

                SHA512

                726468d4b28c654e0e469bd4618003ec80ea80d16371e3d6048f440bb32160a74705f5b4e01b58452d9fbd539db52305d133afe8cb8288b5634dffa6ebed60aa

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp1c370b8c-c150-4367-a0cb-0a30ea8671a4\tools\mx1.exe
                Filesize

                1.3MB

                MD5

                2903de10542e3b3a2ff2aee1d0291189

                SHA1

                19f53f081c27203609e46dd11ead7eab908f6b30

                SHA256

                21cd6884068e71a4e9ef4a9f687f9f87d84cce36f7797175f4d76fabce87a1a0

                SHA512

                354955f1e8ef47d7c58dfbbcf5069e3b4b748fd233307b772a31c2b63b5683ce3001ccabd765fdde469d22f9b73e224bc78f4dcc0c0bc797ec5c37ccbbf253e3

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp266c4ba1-7f5d-4954-8e84-16d5303e7a12\files\VC_redist.x64.19.exe
                Filesize

                14.3MB

                MD5

                264c296cc0bf00db6ba8e7bf8cc4e706

                SHA1

                837a49f9eaacda7c077a8bbea149a52d766b81c0

                SHA256

                7d7105c52fcd6766beee1ae162aa81e278686122c1e44890712326634d0b055e

                SHA512

                9f197af069535896f866d2853689c8e0243fe5c89feeaf6a027315f31bb0086bb0a6234e77a4427481fb2dbe32c3c0d748f9de82ee439086745658a825bed5e9

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp266c4ba1-7f5d-4954-8e84-16d5303e7a12\postflight\vcredist-postflight.bat
                Filesize

                342B

                MD5

                2896b5c307eb33c9e30f25704f1e805f

                SHA1

                4678cf9958a7314206e54e5d055ad7a4f65400a0

                SHA256

                4e1329927ec28e08fcbe6af712705c571ef2ad72435d994b55be6c494f96fe45

                SHA512

                1f1600c5721b77ff675c9f95b7bdf6fa83984af31459ffb35d69b0529df4012584b84c4e02505151bef3f84e484b3fd04be23a712e7d1f8dfdf9e4508b016db1

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp4e65565a-6097-4411-ad71-143936dc80b9\postflight\mxredirect-windows-postflight.bat
                Filesize

                630B

                MD5

                7f4b4e211a4df311c4c353dc9c34d038

                SHA1

                5c46b580f5b37be9effcd76e9f4fa29a56f6dc1d

                SHA256

                c276acfec8e0181a2ae35dff29c1b051091fba70e9aa1d076cc0a4429fc20a5a

                SHA512

                a78600025a16e6a69b6b2861061fd2721fb68019dc5dcb7d8850fe4c6f0cfe353fe5d968fbb205cf6fad8ab9a0ab795f4170585ba01cffefe0d4cff01a80cc42

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp4e65565a-6097-4411-ad71-143936dc80b9\resources\mxredirect.log.config
                Filesize

                616B

                MD5

                373cd25ef8b1b01a13121d92855680d8

                SHA1

                4d94d4ce9f09ac5ce5e15ef95d067b6508aa70e0

                SHA256

                61cd3d1b458f7d7012504bfb237a969b9cc08ec03bfcae801aa4ff9b8a806f78

                SHA512

                2d5dfb93feceef016d670b94e06a7510df727091fbbe8416cc2551a66a2ed8f5eab80a270465d64003e930376965eb8224102373c97bf5971761db35ebe607c4

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp4e65565a-6097-4411-ad71-143936dc80b9\tools\mxredirect.exe
                Filesize

                692KB

                MD5

                4cceb8905113d439744ee148e34e7821

                SHA1

                abc1abd7964b6bf6f6dc0e5c44e5f5391d8b268a

                SHA256

                fc3a66fb8d3683496a9c864c5903dccefba5d88feee9568cefdf9f6e4f3c1891

                SHA512

                b6ef84b9012dc26002c1bf10211e3d56b5e8120c2d331dd11ccaf7d60f4f86ad70837ed5113e8c263f30749793273b0761e5cc2661430bfb430c363b1d044ba9

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmp8b105ada-3013-4583-9abc-97dc87fb30d7\bin\rguninstaller.exe
                Filesize

                698KB

                MD5

                1f29793a7524fb76ec9fb5541ef9d0aa

                SHA1

                d86b1ae5bac48eb7fb6201caaac600a2027f9b4e

                SHA256

                979eb511ab9a6cec73187e3ec04e7ebbb80af9fe94176cc51092bdd16da05d75

                SHA512

                6dbf5ead5fd33c14ba3ab9ae780e677dcbe5e418065de7e03a8ccb09b19d3a4dcb1f7440847735463bb52e0250ac38bc0fbec86d40e17d46332b67204da00169

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmpd5a916f8-79cc-42ed-9f60-b80a8ae59c36\app\MxNotify.exe
                Filesize

                1.1MB

                MD5

                70d9b62275daa012c6de319c1d6a9502

                SHA1

                f0dd67f778e8548856fd7068e5169eaea85176e2

                SHA256

                3f0404c19cf4cb370a8ccfdce8893173345c3ddfc5d32ce34a80653800731a24

                SHA512

                44364e3abf3ec16fb9a0aadc49f5943deae537dc437fbaa6359a037b12e66f071bb120b62f3d671dd30a59bdbe4c1161b657003a379f9276fb92ee6f3432e547

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmpd5a916f8-79cc-42ed-9f60-b80a8ae59c36\postflight\mxnotify-windows-postflight.bat
                Filesize

                106B

                MD5

                d2926859650503d8e62b0db8e6a2c18b

                SHA1

                373fd2b988df44b574693e8781cdc1213360633c

                SHA256

                aa8c150f29af2200de9ce0336c55bc5c76a64f5434d7f8da26c0cecebc573798

                SHA512

                52040403587f9a0c7f2d5fb6f3de86f649276ad8f42a63eba45b87d58f69a2551191f2a8720d6364bf108638d5650400f782088ebeb2c0b665ebdf510761009e

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmpe1ffa55b-69b7-428a-93ba-af5243fd8a8a\bin\MicrosoftEdgeWebview2Setup.exe
                Filesize

                1.7MB

                MD5

                6abf61dd5a6318d76a11ce43b4bee001

                SHA1

                546fac452bb8892bed42b79b17dc0c86ca5ae7dc

                SHA256

                389601cbd7e9256ce22348e3ceb2c33e39ddc7a8c75db897d269dc23b17ad11d

                SHA512

                e454b2bb8ee2bf1355613afdf8389076fae5ffb8305ca2748cb05b597b54f039647e9aced03946dd6c0057305de80ca69db09cb2e539c6645fb2da6abf12ea7b

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\tmpe1ffa55b-69b7-428a-93ba-af5243fd8a8a\bin\install-mswebview.bat
                Filesize

                68B

                MD5

                9e307d7ca44484c85fecf3d1cf7b1a59

                SHA1

                590497a3a89c0cbfa9d9db7429a2c4712aaa078f

                SHA256

                d5b69e95318804f103ebcdd26a77e27224decf02962c0f5d8e83fe615b1dd228

                SHA512

                f3e8bb2adbeeb84e699f70dfddd72e86ca0f05827b9f788478c5143d616d1382725e404720213bd056afe5851907553c0e5f1eac10737301b6f73ef7a5f4973d

                Download Submit

              • C:\Users\Admin\Desktop\Red Giant Magic Bullet Suite 2024.0\Maxon_App_2024.0.0_Win.exe
                Filesize

                36.1MB

                MD5

                60abaff7aadffb7a6b794859dd39f8fd

                SHA1

                abec95384036d9d99d94d00c4c2b1db452afd9c9

                SHA256

                760560b03a07975649da6a74ca9cc46f5ce5b7c9d38b10f6daaa6fcefae77efb

                SHA512

                9b23560fa7be23c2d059365c953f354bbc9780f11eeca1c5924441019a964dfb631c388715371ef5a3a383d10f968591100482d8204f8c0e07526ebe68b82641

                Download Submit

              • C:\Windows\Temp\{B83B0961-D745-438C-8F52-3F11B9994A86}\.ba\logo.png
                Filesize

                1KB

                MD5

                d6bd210f227442b3362493d046cea233

                SHA1

                ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

                SHA256

                335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

                SHA512

                464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

                Download Submit

              • C:\Windows\Temp\{B83B0961-D745-438C-8F52-3F11B9994A86}\.ba\wixstdba.dll
                Filesize

                191KB

                MD5

                eab9caf4277829abdf6223ec1efa0edd

                SHA1

                74862ecf349a9bedd32699f2a7a4e00b4727543d

                SHA256

                a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

                SHA512

                45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

                Download Submit

              • C:\Windows\Temp\{D27D9870-4C3C-403F-B641-68C404133D02}\.cr\VC_redist.x64.19.exe
                Filesize

                632KB

                MD5

                562711caf0d942d286fd28d34ebf9fdf

                SHA1

                001b037c732b497e390bd756901e64ce0d84d885

                SHA256

                3556010aa72b67d16dc6b406aecf493185c92f38ad410924959175fd39192b61

                SHA512

                447ea79c0fe30b5458d139d903bf738126c8159250a5b732ca9afdb7536be3ef5c81857852034fbdf385d9bbc43e1c77dc9618f7ad0b60ff3d9c526711c30060

                Download Submit

              • memory/1316-1857-0x0000000000AE0000-0x0000000000B15000-memory.dmp

                Filesize

                212KB

                Download

              • memory/1772-1221-0x00007FFB5DAF0000-0x00007FFB5DAF1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1772-1222-0x00007FFB5EE30000-0x00007FFB5EE31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1972-1238-0x00007FFB5D720000-0x00007FFB5D721000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2724-1167-0x00007FFB5D720000-0x00007FFB5D721000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4360-1007-0x0000000000300000-0x0000000000337000-memory.dmp

                Filesize

                220KB

                Download

              • memory/4360-1008-0x00000000739F0000-0x0000000073C6A000-memory.dmp

                Filesize

                2.5MB

                Download

              • memory/4360-1028-0x00000000739F0000-0x0000000073C6A000-memory.dmp

                Filesize

                2.5MB

                Download

              • memory/4360-1055-0x0000000000300000-0x0000000000337000-memory.dmp

                Filesize

                220KB

                Download

              • memory/5532-1589-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5532-1597-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5532-1593-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5532-1595-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5532-1598-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5532-1599-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5532-1596-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5532-1594-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5532-1588-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/5532-1587-0x000001EF40670000-0x000001EF40671000-memory.dmp

                Filesize

                4KB

                Download