Overview

overview

8

Static

static

3

SolaraB2/S...er.exe

windows11-21h2-x64

8

Analysis

  • max time kernel
    2690s
  • max time network
    2592s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27-06-2024 23:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SolaraB2/Solara/SolaraBootstrapper.exe

  • Size

    797KB

  • MD5

    36b62ba7d1b5e149a2c297f11e0417ee

  • SHA1

    ce1b828476274375e632542c4842a6b002955603

  • SHA256

    8353c5ace62fda6aba330fb3396e4aab11d7e0476f815666bd96a978724b9e0c

  • SHA512

    fddec44631e7a800abf232648bbf417969cd5cc650f32c17b0cdc12a0a2afeb9a5dbf5c1f899bd2fa496bd22307bfc8d1237c94920fceafd84f47e13a6b98b94

  • SSDEEP

    12288:n1mzgHpbzEu8AgpQojA1j855xU9pHIRxSNN:1mzgH385QojA1j855xSHI

Score
8/10
adwarediscoveryevasionpersistenceprivilege_escalationstealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 46 IoCs
  • Loads dropped DLL 52 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Checks system information in the registry 2 TTPs 28 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 21 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 57 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\SolaraB2\Solara\SolaraBootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\SolaraB2\Solara\SolaraBootstrapper.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Windows\SysWOW64\msiexec.exe
      "msiexec" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1292
    • C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
      "C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" /install /quiet /norestart
      2⤵
      • Executes dropped EXE
      PID:2336
      • C:\Windows\Temp\{B2DC6A87-6CD9-40A0-BF1B-4EC4824FEB56}\.cr\vc_redist.x64.exe
        "C:\Windows\Temp\{B2DC6A87-6CD9-40A0-BF1B-4EC4824FEB56}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe" -burn.filehandle.attached=556 -burn.filehandle.self=728 /install /quiet /norestart
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2936
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:492
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding 1345CFDDEA3EEB01947BFA159A5A4C12
      2⤵
      • Loads dropped DLL
      PID:2084
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 818045ED4E2DC5C3238E4939037A21C8
      2⤵
      • Loads dropped DLL
      PID:4836
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding BE969E759FEDDDDA6BD45553D072DAB5 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2076
      • C:\Windows\SysWOW64\wevtutil.exe
        "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
        3⤵
          PID:572
          • C:\Windows\System32\wevtutil.exe
            "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
            4⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2844
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1244
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9362ab58,0x7ffd9362ab68,0x7ffd9362ab78
        2⤵
          PID:3708
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:2
          2⤵
            PID:3796
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
            2⤵
              PID:364
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
              2⤵
                PID:3296
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:1
                2⤵
                  PID:4548
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:1
                  2⤵
                    PID:3344
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:1
                    2⤵
                      PID:2820
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                      2⤵
                        PID:864
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                        2⤵
                          PID:4800
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4108 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                          2⤵
                            PID:2628
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                            2⤵
                              PID:1996
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                              2⤵
                                PID:1500
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4784 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:1
                                2⤵
                                  PID:3160
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                                  2⤵
                                    PID:3576
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                                    2⤵
                                      PID:4428
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                                      2⤵
                                        PID:864
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2716 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:1
                                        2⤵
                                          PID:1448
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4888 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:1
                                          2⤵
                                            PID:332
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                                            2⤵
                                              PID:3388
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3396 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                                              2⤵
                                                PID:4056
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3500 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                                                2⤵
                                                  PID:4044
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3264 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:780
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                                                  2⤵
                                                  • NTFS ADS
                                                  PID:924
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4408 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                                                  2⤵
                                                    PID:3616
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 --field-trial-handle=1844,i,2757733492519406381,6386394421347732096,131072 /prefetch:8
                                                    2⤵
                                                      PID:2628
                                                    • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                      "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Checks whether UAC is enabled
                                                      • Drops file in Program Files directory
                                                      • Enumerates system info in registry
                                                      • Modifies Internet Explorer settings
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:3476
                                                      • C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                        MicrosoftEdgeWebview2Setup.exe /silent /install
                                                        3⤵
                                                        • Executes dropped EXE
                                                        • Drops file in Program Files directory
                                                        PID:4860
                                                        • C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                          4⤵
                                                          • Event Triggered Execution: Image File Execution Options Injection
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Checks system information in the registry
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:3572
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:1012
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:1980
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                              6⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Modifies registry class
                                                              PID:1528
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                              6⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Modifies registry class
                                                              PID:864
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                              6⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Modifies registry class
                                                              PID:792
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjQ5OEFDRkEtQUI2Qi00MDY3LTlCODktOUFCNUZDOTc5RkE2fSIgdXNlcmlkPSJ7MDM5NzRFMEItMkFFRi00MDNELUJGMjYtQzY5MkJFRkQxQTBCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2NEIwNzVFQS00NzI1LTQ2RDgtQjE2OC05MDY5OTg2QzAwQkV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2NzE1NTU5MTAiIGluc3RhbGxfdGltZV9tcz0iNTQzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Checks system information in the registry
                                                            PID:868
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{F498ACFA-AB6B-4067-9B89-9AB5FC979FA6}" /silent
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:3300
                                                      • C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
                                                        "C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
                                                        3⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Suspicious use of NtCreateThreadExHideFromDebugger
                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of UnmapMainImage
                                                        PID:2928
                                                  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                    1⤵
                                                      PID:3300
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks system information in the registry
                                                      • Modifies data under HKEY_USERS
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:4544
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjQ5OEFDRkEtQUI2Qi00MDY3LTlCODktOUFCNUZDOTc5RkE2fSIgdXNlcmlkPSJ7MDM5NzRFMEItMkFFRi00MDNELUJGMjYtQzY5MkJFRkQxQTBCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGRjg3MEUzRi1CN0VDLTRFQTctQTM3RS1DMEM0NEJCRTY2NzZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2NzQ5MzU0MDMiLz48L2FwcD48L3JlcXVlc3Q-
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        • Modifies data under HKEY_USERS
                                                        PID:2264
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35BB7FBD-B4F2-47EF-BFAB-50049E996A37}\MicrosoftEdge_X64_126.0.2592.81.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35BB7FBD-B4F2-47EF-BFAB-50049E996A37}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:4936
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35BB7FBD-B4F2-47EF-BFAB-50049E996A37}\EDGEMITMP_3CB1C.tmp\setup.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35BB7FBD-B4F2-47EF-BFAB-50049E996A37}\EDGEMITMP_3CB1C.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35BB7FBD-B4F2-47EF-BFAB-50049E996A37}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Drops file in Program Files directory
                                                          • Drops file in Windows directory
                                                          PID:2304
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35BB7FBD-B4F2-47EF-BFAB-50049E996A37}\EDGEMITMP_3CB1C.tmp\setup.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35BB7FBD-B4F2-47EF-BFAB-50049E996A37}\EDGEMITMP_3CB1C.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35BB7FBD-B4F2-47EF-BFAB-50049E996A37}\EDGEMITMP_3CB1C.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff71e5caa40,0x7ff71e5caa4c,0x7ff71e5caa58
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Drops file in Windows directory
                                                            PID:3152
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA28A82-9396-4F73-BB3E-03ADEE12375E}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA28A82-9396-4F73-BB3E-03ADEE12375E}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{1317BC9D-D638-4678-A221-61644EED38B5}"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Drops file in Program Files directory
                                                        PID:764
                                                        • C:\Program Files (x86)\Microsoft\Temp\EU2E09.tmp\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\Temp\EU2E09.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{1317BC9D-D638-4678-A221-61644EED38B5}"
                                                          3⤵
                                                          • Event Triggered Execution: Image File Execution Options Injection
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Checks system information in the registry
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:2260
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:4624
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:2008
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Modifies registry class
                                                              PID:1544
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Modifies registry class
                                                              PID:4768
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Modifies registry class
                                                              PID:4948
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTMxN0JDOUQtRDYzOC00Njc4LUEyMjEtNjE2NDRFRUQzOEI1fSIgdXNlcmlkPSJ7MDM5NzRFMEItMkFFRi00MDNELUJGMjYtQzY5MkJFRkQxQTBCfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NzhDRTM5QjQtOUUwQi00NzQwLTg0RkQtQTU0MTQ4OTcxMDQ4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODcuNDEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTk1MzEyNDgiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzk2MzY1NjQwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Checks system information in the registry
                                                            PID:3336
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjQ5OEFDRkEtQUI2Qi00MDY3LTlCODktOUFCNUZDOTc5RkE2fSIgdXNlcmlkPSJ7MDM5NzRFMEItMkFFRi00MDNELUJGMjYtQzY5MkJFRkQxQTBCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGMkI4Q0Y4RC1ENjIwLTREMkEtOTk2NS1FMDNCMDBDNDQ2QzJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjYuMC4yNTkyLjgxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2Njk5ODk1Njg5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjY5OTk3NTQ5MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk5MjU3MTU1NjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzExMTBiZjYzLWM2Y2UtNDcxNC05NjliLWIzMDI4YjQ0MWM0Nz9QMT0xNzIwMTM2MDUyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUpDQmNDSHE2UGR0WXpQanpOaXJrNnYzRzZNeiUyYjZVVm5HMGJlb2xGcG1HZ1BVV28zcG5HTkZqUjFUbXVkS1M3bk1hJTJmZklFeUtvUmZidkg2eUs5WmYlMmJRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczMDgyMTY4IiB0b3RhbD0iMTczMDgyMTY4IiBkb3dubG9hZF90aW1lX21zPSIzMTYzNTAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5OTI1ODM1NDI4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTkzOTgzNTk5MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzODA5NDU0MTgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMzMyIiBkb3dubG9hZF90aW1lX21zPSIzMjI1NzgiIGRvd25sb2FkZWQ9IjE3MzA4MjE2OCIgdG90YWw9IjE3MzA4MjE2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDQxMDciLz48L2FwcD48L3JlcXVlc3Q-
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        PID:2460
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTMxN0JDOUQtRDYzOC00Njc4LUEyMjEtNjE2NDRFRUQzOEI1fSIgdXNlcmlkPSJ7MDM5NzRFMEItMkFFRi00MDNELUJGMjYtQzY5MkJFRkQxQTBCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCREI3NTRGNy1FOEVELTRBQzAtQjA4Ny04ODdBM0Q4OUY4MjZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny40MSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4NzM2MDU2MzciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTg3MzY4NTY3NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAwMjA3NTU1MDYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80YWQ5Y2I2ZS04MjQ1LTRlNDctYjI5OC0xZmY0YjA0MjU2ZTE_UDE9MTcyMDEzNjM2OSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1Bck5neXphUnZUdngzNzY2WDlRSHBHcndQbVB3NnJaNzNFUDd3bDlZczY0cjYlMmZTTFElMmJmZVkzJTJmNzBsRSUyZm51M3RqaG0zSzhtOGg0ZFZsWHpGUVgyV0hBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAwMjA3NzU2MDkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzRhZDljYjZlLTgyNDUtNGU0Ny1iMjk4LTFmZjRiMDQyNTZlMT9QMT0xNzIwMTM2MzY5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUFyTmd5emFSdlR2eDM3NjZYOVFIcEdyd1BtUHc2clo3M0VQN3dsOVlzNjRyNiUyZlNMUSUyYmZlWTMlMmY3MGxFJTJmbnUzdGpobTNLOG04aDRkVmxYekZRWDJXSEElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjM0Mzc2IiB0b3RhbD0iMTYzNDM3NiIgZG93bmxvYWRfdGltZV9tcz0iMTQ2MjQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAwMjA4MDU0NzAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzODA5NTU0OTkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzYyNjI4MTM2NDY2MDU3MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7MjU3RDQzOTktQTczMC00NURELUJDQjktMDhBQjI2MjJFNEREfSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        PID:1600
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks system information in the registry
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:3064
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:2172
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks system information in the registry
                                                      • Modifies data under HKEY_USERS
                                                      PID:1744
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDg4RDQzMTEtQTFCMy00RkE2LTlFOEItNkE1QkI1MTA1MEU4fSIgdXNlcmlkPSJ7MDM5NzRFMEItMkFFRi00MDNELUJGMjYtQzY5MkJFRkQxQTBCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QkFDQjVGNzQtQ0NBQy00QTk0LTg4MjUtREEwRTJBN0IyNjQxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjE1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTgxNTMwNjAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM2MjYyNTc3NzExODI5ODciPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MzI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzM5NjAxMzgxOSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        PID:2768
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B36D6B2C-ABA9-4ED5-BD28-87E21D680E3B}\BGAUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B36D6B2C-ABA9-4ED5-BD28-87E21D680E3B}\BGAUpdate.exe" --edgeupdate-client --system-level
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Adds Run key to start application
                                                        PID:2468
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDg4RDQzMTEtQTFCMy00RkE2LTlFOEItNkE1QkI1MTA1MEU4fSIgdXNlcmlkPSJ7MDM5NzRFMEItMkFFRi00MDNELUJGMjYtQzY5MkJFRkQxQTBCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3Mjc1QzVCRC0xRDgzLTQ2Q0YtOTU4NC0zMjAzNUZFRjkzMDl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNDA1MjMyODcyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM0MDUyMzI4NzIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQ4OTY3OTQ5MjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcyMDEzNjcyMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1ieTcwclBZSkRPa3VsdkE5ME5xbUVPaTQlMmZSNUdyWUx3YnFCWXFjTyUyYnZ6dTRnbW0waXZSQmFzcnZqczM2ZWl1enV1M0wxaGtGTDZwJTJmeTZLUzNEMlppUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxNSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0ODk2OTUxMTA1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcyMDEzNjcyMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1ieTcwclBZSkRPa3VsdkE5ME5xbUVPaTQlMmZSNUdyWUx3YnFCWXFjTyUyYnZ6dTRnbW0waXZSQmFzcnZqczM2ZWl1enV1M0wxaGtGTDZwJTJmeTZLUzNEMlppUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIGRvd25sb2FkX3RpbWVfbXM9IjE0NDcwMyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0ODk2OTUxMTA1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQ5MDMwNDUzOTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDkwNDYwNzQ4MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM5MSIgZG93bmxvYWRfdGltZV9tcz0iMTQ5MTI1IiBkb3dubG9hZGVkPSIxODA0NDQ0OCIgdG90YWw9IjE4MDQ0NDQ4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIxNTYiLz48L2FwcD48L3JlcXVlc3Q-
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        PID:3312
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks system information in the registry
                                                      • Modifies data under HKEY_USERS
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:4948
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\MicrosoftEdge_X64_126.0.2592.68.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:4912
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                          3⤵
                                                          • Boot or Logon Autostart Execution: Active Setup
                                                          • Executes dropped EXE
                                                          • Installs/modifies Browser Helper Object
                                                          • Drops file in Program Files directory
                                                          • Drops file in Windows directory
                                                          • Modifies Internet Explorer settings
                                                          • Modifies registry class
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • System policy modification
                                                          PID:4552
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff785c5aa40,0x7ff785c5aa4c,0x7ff785c5aa58
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Drops file in Windows directory
                                                            PID:2312
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Drops file in System32 directory
                                                            • Drops file in Windows directory
                                                            PID:1396
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{FCA1F5BC-A3F3-4ACF-A541-F9F6BE1E869F}\EDGEMITMP_2A9E8.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff785c5aa40,0x7ff785c5aa4c,0x7ff785c5aa58
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Drops file in Windows directory
                                                              PID:2380
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Drops file in Windows directory
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:2524
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6087daa40,0x7ff6087daa4c,0x7ff6087daa58
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Drops file in Windows directory
                                                              PID:1956
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                                            4⤵
                                                            • Executes dropped EXE
                                                            • Drops file in Windows directory
                                                            PID:3824
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6087daa40,0x7ff6087daa4c,0x7ff6087daa58
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Drops file in Windows directory
                                                              PID:4500
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Njc4OUExNkQtQjQ4RS00REQzLThGMjYtNzYzRTgwQ0NBQjc5fSIgdXNlcmlkPSJ7MDM5NzRFMEItMkFFRi00MDNELUJGMjYtQzY5MkJFRkQxQTBCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGRTkyQTgwNS1GQ0IzLTQxOEEtQTVGMC1DODk5MTZDQkNFNjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtoVmZEak1kRkc2RmdLczBOejZlbXJZQ1NnNlRRdkRQb21vbFJheVFYQks0PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg3LjQxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjI5Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2Mzg3IiBwaW5nX2ZyZXNobmVzcz0ie0JCQTI5QjQ0LUU3MzktNEMzMi05MDY5LUJDM0JEODVFOEIxQX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjYuMC4yNTkyLjY4IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2MjYyODEzNjQ2NjA1NzAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0OTczODI2NDA1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0OTczOTgyNDU3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjI4MTk1MTE1MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2FjNmY2MTFiLWVlYjctNGE0Mi1hNmQ0LThjZDcxNDI5NmExMT9QMT0xNzIwMTM2ODc5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUNITmJ6QSUyZlpieUNqY0pMZXJUdTFDM1pCciUyZlN5dU9yeWRISFhpTGd0c2lYc1l1SDdzYjk5eVFjQzVGYXRxWVdsaEpHbktXeWVEaW1wMUtTWFFOJTJmODVRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYyODE5NTExNTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2FjNmY2MTFiLWVlYjctNGE0Mi1hNmQ0LThjZDcxNDI5NmExMT9QMT0xNzIwMTM2ODc5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUNITmJ6QSUyZlpieUNqY0pMZXJUdTFDM1pCciUyZlN5dU9yeWRISFhpTGd0c2lYc1l1SDdzYjk5eVFjQzVGYXRxWVdsaEpHbktXeWVEaW1wMUtTWFFOJTJmODVRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyOTU3MjQwIiB0b3RhbD0iMTcyOTU3MjQwIiBkb3dubG9hZF90aW1lX21zPSIxMjg5NTMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYyODIxMDc2MTAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTYyOTU3MDE0NTIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2NzI2OTUxMzY0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzU5IiBkb3dubG9hZF90aW1lX21zPSIxMzA3ODEiIGRvd25sb2FkZWQ9IjE3Mjk1NzI0MCIgdG90YWw9IjE3Mjk1NzI0MCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDMxMjUiLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2Mzg3IiBwaW5nX2ZyZXNobmVzcz0ie0JBREE4OThGLTAyMDgtNDA4RC05Q0MxLTk0Q0FFNEI3MzcxQn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI2LjAuMjU5Mi44MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGNvaG9ydD0icnJmQDAuOTQiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjM4NyIgcGluZ19mcmVzaG5lc3M9InsxNDVFMUUyRi1GRjk5LTRCN0MtOTNFNC0wQ0MzMUI0QkU0REJ9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        PID:1744
                                                    • C:\Windows\System32\svchost.exe
                                                      C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
                                                      1⤵
                                                        PID:4724
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
                                                        1⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        PID:2156

                                                      Network

                                                      MITRE ATT&CK Enterprise v15

                                                      Reconnaissance

                                                      Resource Development

                                                      Initial Access

                                                      Execution

                                                      Persistence

                                                      Boot or Logon Autostart Execution

                                                      2
                                                      T1547

                                                      Active Setup

                                                      1
                                                      T1547.014

                                                      Registry Run Keys / Startup Folder

                                                      1
                                                      T1547.001

                                                      Browser Extensions

                                                      1
                                                      T1176

                                                      Event Triggered Execution

                                                      2
                                                      T1546

                                                      Component Object Model Hijacking

                                                      1
                                                      T1546.015

                                                      Image File Execution Options Injection

                                                      1
                                                      T1546.012

                                                      Privilege Escalation

                                                      Boot or Logon Autostart Execution

                                                      2
                                                      T1547

                                                      Active Setup

                                                      1
                                                      T1547.014

                                                      Registry Run Keys / Startup Folder

                                                      1
                                                      T1547.001

                                                      Event Triggered Execution

                                                      2
                                                      T1546

                                                      Component Object Model Hijacking

                                                      1
                                                      T1546.015

                                                      Image File Execution Options Injection

                                                      1
                                                      T1546.012

                                                      Defense Evasion

                                                      Modify Registry

                                                      5
                                                      T1112

                                                      Credential Access

                                                      Discovery

                                                      Peripheral Device Discovery

                                                      1
                                                      T1120

                                                      Query Registry

                                                      5
                                                      T1012

                                                      System Information Discovery

                                                      5
                                                      T1082

                                                      Lateral Movement

                                                      Collection

                                                      Command and Control

                                                      Exfiltration

                                                      Impact

                                                      Replay Monitor

                                                      Loading Replay Monitor...

                                                      Downloads

                                                      • C:\Config.Msi\e57e08f.rbs
                                                        Filesize

                                                        1.0MB

                                                        MD5

                                                        76ca6b7637bbb4a83ab6c6cfa2846dcd

                                                        SHA1

                                                        e6f026f7266873e353cfefc78f1b9efe971410b1

                                                        SHA256

                                                        7cceace058c4fd055cc5e1f09c487e987c54357e3eb9eec39eeac7db69eb5b5f

                                                        SHA512

                                                        d4fc6cf32a0d0469831399f5d918c20f15c3b3235f73c4140c20e0ebbcbd5f2d1d5001bbc9c706f48290891c5d52f85712ac770f5c314e22578c7b0270b978b4

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\Installer\setup.exe
                                                        Filesize

                                                        6.5MB

                                                        MD5

                                                        05e320ae544022adea3f8c441646765d

                                                        SHA1

                                                        3c6266b8a8c0132a97b2785bcb9ae7546ac02cc9

                                                        SHA256

                                                        e1618f31f476932871871ebc6e63d57aad643b74ea892d3d305e4125df1e6f10

                                                        SHA512

                                                        c1cf5c001ddd6b3b3c68b697f8ec9f1cbd48b5881f9fc805d74eb14a13eedcdf71e958ca1b790353a4edc64008558295741cfb785e0a3824a8f3a62bc985d387

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Installer\setup.exe
                                                        Filesize

                                                        6.5MB

                                                        MD5

                                                        7c44a5cba89f38d967b1f4e11225da0f

                                                        SHA1

                                                        44837f2ff9b3ebc7c371ee5f9e0cd5dcaad508dd

                                                        SHA256

                                                        a10c3e0b2ec1286bfe6b3fe9005a9132fad01be9afc4bdd5adb29f174b8fb706

                                                        SHA512

                                                        25b4cae7fc6d200dab70e94461b7f2e7899813975cab498fb367a32aa2e187fb7b1330545b60f6340d53fe5e04a1ecfb5d6b8bf004ac26ecaa7a8f6e387dfe99

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
                                                        Filesize

                                                        17.2MB

                                                        MD5

                                                        3f208f4e0dacb8661d7659d2a030f36e

                                                        SHA1

                                                        07fe69fd12637b63f6ae44e60fdf80e5e3e933ff

                                                        SHA256

                                                        d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b

                                                        SHA512

                                                        6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
                                                        Filesize

                                                        1.6MB

                                                        MD5

                                                        a9ad77a4111f44c157a1a37bb29fd2b9

                                                        SHA1

                                                        f1348bcbc950532ac2b48b18acd91533f3ac0be2

                                                        SHA256

                                                        200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889

                                                        SHA512

                                                        68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        Filesize

                                                        3.7MB

                                                        MD5

                                                        670550dd4221b2d53e739c33750ad895

                                                        SHA1

                                                        c63b42de2b669870c92301c8e1ebe3c1d0243ae7

                                                        SHA256

                                                        a588a724109c066abc1075cc6822fa1cea1a7fee1385886d37b551d9a89fe9c8

                                                        SHA512

                                                        d2d8191eaf40704cdafe81701e0e8690bd545beaa54863e6f953f4675bd1a71e8bc10885afe3ddd4de2b3ed143dfa5abec4adda75060be1fa76d592766fb4e1c

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\EdgeUpdate.dat
                                                        Filesize

                                                        12KB

                                                        MD5

                                                        369bbc37cff290adb8963dc5e518b9b8

                                                        SHA1

                                                        de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                        SHA256

                                                        3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                        SHA512

                                                        4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                        Filesize

                                                        179KB

                                                        MD5

                                                        7a160c6016922713345454265807f08d

                                                        SHA1

                                                        e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                                        SHA256

                                                        35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                                        SHA512

                                                        c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\MicrosoftEdgeUpdate.exe
                                                        Filesize

                                                        201KB

                                                        MD5

                                                        4dc57ab56e37cd05e81f0d8aaafc5179

                                                        SHA1

                                                        494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                        SHA256

                                                        87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                        SHA512

                                                        320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                        Filesize

                                                        212KB

                                                        MD5

                                                        60dba9b06b56e58f5aea1a4149c743d2

                                                        SHA1

                                                        a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                                        SHA256

                                                        4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                                        SHA512

                                                        e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\MicrosoftEdgeUpdateCore.exe
                                                        Filesize

                                                        257KB

                                                        MD5

                                                        c044dcfa4d518df8fc9d4a161d49cece

                                                        SHA1

                                                        91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                                        SHA256

                                                        9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                                        SHA512

                                                        f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\NOTICE.TXT
                                                        Filesize

                                                        4KB

                                                        MD5

                                                        6dd5bf0743f2366a0bdd37e302783bcd

                                                        SHA1

                                                        e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                        SHA256

                                                        91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                        SHA512

                                                        f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\msedgeupdate.dll
                                                        Filesize

                                                        2.0MB

                                                        MD5

                                                        965b3af7886e7bf6584488658c050ca2

                                                        SHA1

                                                        72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                                        SHA256

                                                        d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                                        SHA512

                                                        1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                                        Download Submit

                                                      • C:\Program Files (x86)\Microsoft\Temp\EU80E9.tmp\msedgeupdateres_en.dll
                                                        Filesize

                                                        27KB

                                                        MD5

                                                        4a1e3cf488e998ef4d22ac25ccc520a5

                                                        SHA1

                                                        dc568a6e3c9465474ef0d761581c733b3371b1cd

                                                        SHA256

                                                        9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                                        SHA512

                                                        ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                                        Download Submit

                                                      • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                        Filesize

                                                        5.4MB

                                                        MD5

                                                        4fa63f4ccb9b1fca93ab82e51c6d4750

                                                        SHA1

                                                        1f26018c15ed5e14140ed44c28cf52a7b892fc86

                                                        SHA256

                                                        685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

                                                        SHA512

                                                        a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

                                                        Download Submit

                                                      • C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                        Filesize

                                                        1.5MB

                                                        MD5

                                                        610b1b60dc8729bad759c92f82ee2804

                                                        SHA1

                                                        9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                                        SHA256

                                                        921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                                        SHA512

                                                        0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_etw_provider.man
                                                        Filesize

                                                        10KB

                                                        MD5

                                                        1d51e18a7247f47245b0751f16119498

                                                        SHA1

                                                        78f5d95dd07c0fcee43c6d4feab12d802d194d95

                                                        SHA256

                                                        1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

                                                        SHA512

                                                        1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_etw_provider.man
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        d3bc164e23e694c644e0b1ce3e3f9910

                                                        SHA1

                                                        1849f8b1326111b5d4d93febc2bafb3856e601bb

                                                        SHA256

                                                        1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

                                                        SHA512

                                                        91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md
                                                        Filesize

                                                        818B

                                                        MD5

                                                        2916d8b51a5cc0a350d64389bc07aef6

                                                        SHA1

                                                        c9d5ac416c1dd7945651bee712dbed4d158d09e1

                                                        SHA256

                                                        733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

                                                        SHA512

                                                        508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        5ad87d95c13094fa67f25442ff521efd

                                                        SHA1

                                                        01f1438a98e1b796e05a74131e6bb9d66c9e8542

                                                        SHA256

                                                        67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

                                                        SHA512

                                                        7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE
                                                        Filesize

                                                        754B

                                                        MD5

                                                        d2cf52aa43e18fdc87562d4c1303f46a

                                                        SHA1

                                                        58fb4a65fffb438630351e7cafd322579817e5e1

                                                        SHA256

                                                        45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

                                                        SHA512

                                                        54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md
                                                        Filesize

                                                        771B

                                                        MD5

                                                        e9dc66f98e5f7ff720bf603fff36ebc5

                                                        SHA1

                                                        f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

                                                        SHA256

                                                        b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

                                                        SHA512

                                                        8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE
                                                        Filesize

                                                        730B

                                                        MD5

                                                        072ac9ab0c4667f8f876becedfe10ee0

                                                        SHA1

                                                        0227492dcdc7fb8de1d14f9d3421c333230cf8fe

                                                        SHA256

                                                        2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

                                                        SHA512

                                                        f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        d116a360376e31950428ed26eae9ffd4

                                                        SHA1

                                                        192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

                                                        SHA256

                                                        c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

                                                        SHA512

                                                        5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE
                                                        Filesize

                                                        802B

                                                        MD5

                                                        d7c8fab641cd22d2cd30d2999cc77040

                                                        SHA1

                                                        d293601583b1454ad5415260e4378217d569538e

                                                        SHA256

                                                        04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

                                                        SHA512

                                                        278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js
                                                        Filesize

                                                        16KB

                                                        MD5

                                                        bc0c0eeede037aa152345ab1f9774e92

                                                        SHA1

                                                        56e0f71900f0ef8294e46757ec14c0c11ed31d4e

                                                        SHA256

                                                        7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

                                                        SHA512

                                                        5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE
                                                        Filesize

                                                        780B

                                                        MD5

                                                        b020de8f88eacc104c21d6e6cacc636d

                                                        SHA1

                                                        20b35e641e3a5ea25f012e13d69fab37e3d68d6b

                                                        SHA256

                                                        3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

                                                        SHA512

                                                        4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE
                                                        Filesize

                                                        763B

                                                        MD5

                                                        7428aa9f83c500c4a434f8848ee23851

                                                        SHA1

                                                        166b3e1c1b7d7cb7b070108876492529f546219f

                                                        SHA256

                                                        1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

                                                        SHA512

                                                        c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts
                                                        Filesize

                                                        4KB

                                                        MD5

                                                        f0bd53316e08991d94586331f9c11d97

                                                        SHA1

                                                        f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

                                                        SHA256

                                                        dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

                                                        SHA512

                                                        fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

                                                        Download Submit

                                                      • C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE
                                                        Filesize

                                                        771B

                                                        MD5

                                                        1d7c74bcd1904d125f6aff37749dc069

                                                        SHA1

                                                        21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

                                                        SHA256

                                                        24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

                                                        SHA512

                                                        b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

                                                        Download Submit

                                                      • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                        Filesize

                                                        15KB

                                                        MD5

                                                        59b96829304c62e543f7f3834d8d1476

                                                        SHA1

                                                        c00d7859bbe889723679f8b6eccbf10ad2bfefc2

                                                        SHA256

                                                        0228358bef377c38fa2572d031d858843ed8d96fb1d5fd308690452f94cc0255

                                                        SHA512

                                                        b2e8439a90b6ade277bb076fa1363b0559be1d06e5e42d98be7b5fbbee9aa91d1b5bceccd8a04d8ce6e6312f7fdbae0c4bc66a37fca1d1cce7acf950bf065697

                                                        Download Submit

                                                      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url
                                                        Filesize

                                                        168B

                                                        MD5

                                                        db7dbbc86e432573e54dedbcc02cb4a1

                                                        SHA1

                                                        cff9cfb98cff2d86b35dc680b405e8036bbbda47

                                                        SHA256

                                                        7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

                                                        SHA512

                                                        8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

                                                        Download Submit

                                                      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url
                                                        Filesize

                                                        133B

                                                        MD5

                                                        35b86e177ab52108bd9fed7425a9e34a

                                                        SHA1

                                                        76a1f47a10e3ab829f676838147875d75022c70c

                                                        SHA256

                                                        afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

                                                        SHA512

                                                        3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
                                                        Filesize

                                                        211KB

                                                        MD5

                                                        151fb811968eaf8efb840908b89dc9d4

                                                        SHA1

                                                        7ec811009fd9b0e6d92d12d78b002275f2f1bee1

                                                        SHA256

                                                        043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

                                                        SHA512

                                                        83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                        Filesize

                                                        168B

                                                        MD5

                                                        0a796a03f511be84567d42e0dc392c77

                                                        SHA1

                                                        c7d96936197f637c3e6844c5e860a50a260a9fd9

                                                        SHA256

                                                        814d12b05f4d1b52c21198a349976ba02c75f963f4eb14abe84dbda2d457660d

                                                        SHA512

                                                        6b582d2067d09d3c95433438b57861b3ba77e8787305a533fdf5d8db716d921478af077f0c617c28f092aa567e0b0ed575d01eeebd86ac2e55cbe99dec5905ce

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                        Filesize

                                                        168B

                                                        MD5

                                                        1264361e71486fd1011bce056b4f1b8e

                                                        SHA1

                                                        bcf8cf58a8feafccf12b1de6a3fa5c170e930c6d

                                                        SHA256

                                                        3bc9e03277a85e04403f26779036c5426662e3324f6c90648411c253a895a453

                                                        SHA512

                                                        03efd9f61b848812ce2f5d00405ffd5c5f6b95d1eddf14c4832e8be50def8a5ef429303935bf7ad3ba7ca2fa516f2b84b96ccbc02a0687cd5ae16ffa02cf3a7f

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                        Filesize

                                                        2KB

                                                        MD5

                                                        78105d4c2302b12fde89bd8240135a2a

                                                        SHA1

                                                        ef4a4811e6937818fdc5e9749100e6c9691ed3d1

                                                        SHA256

                                                        663307a48d87eaf8bb4f3822203749d5a6c5025e04c3c5f2f6416a3cc24d049b

                                                        SHA512

                                                        38286015c25c800a989c04f7ba011b3b04302e51afa133ef350352eeb7c4b089941ccc197589a928eaaad17ae906fa63843c4c865e058acb2cad13c6c18ea11f

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                        Filesize

                                                        168B

                                                        MD5

                                                        33b706c45e127b50e324dc4b746a1124

                                                        SHA1

                                                        c24b7277d90c3d69c0827c4d283af2eed49ca27c

                                                        SHA256

                                                        474df5f02f3bd5d2ea801a41c1588ff144529910eb1af8eddb6434802098b6ec

                                                        SHA512

                                                        7de0daabe2f3071d66720c95fffe8edb1f153b1688f220efce8a2467261dcc330c92bef645bae6d560328cf03b730f9ab7661458c608e7a00374ff94eec23930

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                                                        Filesize

                                                        264KB

                                                        MD5

                                                        674785e73db6a968bae3290984a8d631

                                                        SHA1

                                                        ef1d7b963a3b7a76f71a45c0555e7e9bab4217db

                                                        SHA256

                                                        ce4d79194db5d9cfc258ba130f080df0472536f7de753546544581e6e3c3b62b

                                                        SHA512

                                                        f93da086d85d6ff09b42ee7ffc130d7ee33a6c4504472530f735fd4cddabd8e2521c3e9e1d778331e7eee26bea653d5d5d43d532f389e4b704eb827d169f0428

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9c23480f-d69f-4fff-991e-ad65e44d8bd8.tmp
                                                        Filesize

                                                        356B

                                                        MD5

                                                        449747d5346582fb1f2867f303adf39d

                                                        SHA1

                                                        bacfb4f0d699ce2ac3cc54ddd3e87f4baa7b7fe3

                                                        SHA256

                                                        290ca544f5149938b8733cb2ef62ca072d27b22d1631238ce6778835053f6abf

                                                        SHA512

                                                        64321299d3df07020dd184b74673e1cabc17b2d12ef1bbd62e5852608043daafc9602269d3ffa0e0bf77f4580f5f8f37712126bde886fa5338d7bb33278ebbc0

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        4ee00fde76ecf7d0013717da0a86e119

                                                        SHA1

                                                        daa45a26a976608ea4aad8dfc3ec2caf35c4e0b5

                                                        SHA256

                                                        6dcbddad1a79697331f35f25677ca45934e3a97f58767b38c4702930c9dd3cf3

                                                        SHA512

                                                        fb789dea6832a5b31046f19f9b7e987d69095a17ccdfa4fc85aaf2e391e2324db0b36c16a6dcebcefa314c99df19b7d33413af76adf8e57687700b855ce1c737

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                        Filesize

                                                        4KB

                                                        MD5

                                                        de3f24b3538298be0477be01c29900b7

                                                        SHA1

                                                        6374653793a264af49a039414d2053df2ab805c9

                                                        SHA256

                                                        4ed5e23df6f872042d8fbcf8bb055ff3724baf5383e7d33d06c503f6bb867b2f

                                                        SHA512

                                                        4d9c8d0ce4e9c3e92cb4330454177fb8152a68f368101aec9f6116ccd4d03231993a2950d23992e0fd679b38a725c87fd25ec790f2168e7a99b47c6db926ab56

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                        Filesize

                                                        4KB

                                                        MD5

                                                        2909a3ae534449002c86c4a147b47bf1

                                                        SHA1

                                                        042ac64232710d7c44b9a858db46071ac51214e1

                                                        SHA256

                                                        02461585ea801811c8f78a45f62eba12b3b5aaa6eade1c515c913e21c646e031

                                                        SHA512

                                                        7b8e5708b8d6d99d89ac2ed32f2be343a20fcc6e38ff57fd10522d4ef3bdea0e948fc60030f68dbe4ba377164f64190c808d380046227f8425329cfd70867f6c

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                        Filesize

                                                        4KB

                                                        MD5

                                                        ec22bdfb0f1add7672efb7b73a1c61f6

                                                        SHA1

                                                        94bb08260250708cc92eb059463f32579c5bfd3b

                                                        SHA256

                                                        20bd362e6acddc69cf0ad34fc63f7940f02411c28aad22c149f470271a591f82

                                                        SHA512

                                                        0768030eaaef0ccc656a354aaa3f77bde6accdd5a4f4fa04abf51968d4125eaf0a330b241e6225e0a5e2f6e6f75561957b15714f56d11fc43deb8ac2787452de

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                        Filesize

                                                        2KB

                                                        MD5

                                                        81a5aed0135ccef1db8726bb54fd1649

                                                        SHA1

                                                        ee2273faf11a751794313885773c975fccd5609e

                                                        SHA256

                                                        dcfcd9e01c8109f2af020d2a91cb85c2643370d83950c4d1c09fd5bac7912f6c

                                                        SHA512

                                                        e45ea45bfcbd474ce88c8c27b7905a7bd48f18ac7edde6343a81e9a53a8ce30940dd7f1d852d75e27c123dfc440b358516be1295a662d5d47292cefe621cd9d7

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                        Filesize

                                                        2B

                                                        MD5

                                                        d751713988987e9331980363e24189ce

                                                        SHA1

                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                        SHA256

                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                        SHA512

                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        df44b3551dd8cffe4d41e7c139342483

                                                        SHA1

                                                        0dcb48591f131a3e43f238d442e86d93484320ee

                                                        SHA256

                                                        0e9e36f4a725da919eef3250e619eef2661a0a44be7753d44cf56a0e5f28b555

                                                        SHA512

                                                        70258bf51adbf73abf2b4c0d35b544305feb6582f166faeace1dd07420e16546d64eb544a7f0fcd540b342b56b797edd83608a629abb32cc4d8ffb2eb9a1211c

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        1d5bdb0ab1efaf152ec7e26970f92230

                                                        SHA1

                                                        2dc73a27a0c3e1087c9dd027815604127d26b39d

                                                        SHA256

                                                        4e3c380cf111c94ca5642cd1790936699d74416f0d86426515a4b96cbc7b0b18

                                                        SHA512

                                                        24e18be6b1e0ad4bd50b6fedab3162b67ad333529daf30352ed764cebfa5785f60c00430e13aeeabfd90896d08f8300637cd813f587829efdf774285edb99e72

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        ca626b630a1d38e2e4be8742b006dd74

                                                        SHA1

                                                        f8a2581458dc1d99976ac8fc7ea1d1a54ca494cb

                                                        SHA256

                                                        75a96dd23933fbb2dbbb10bdac7694fbfa534e8aee2d9c260389f2fee0c577a7

                                                        SHA512

                                                        88715fdcdaed41cafef0bd86bb54e7a2814c0eef3dae75891f7a982e1856cc46f5b454c620204cbbe30d13c57c9efbbd46d3923cbc76a65cbaf95d45b0d990c9

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        5c9445d8998f5ca86313269c2d9b504c

                                                        SHA1

                                                        34eab003a858ad74847a4746a43fa5506464bd65

                                                        SHA256

                                                        a83d1ad65e0fe8743f1740e5c1a480b6f4274117b216cd0176679c3d17b5e0f8

                                                        SHA512

                                                        d6e29569963ac574037f7c0aca415c988c273d8b2b561afd5167a363a91b9290a93570d922b158b9929415f3b716d6a67a7ea414d9d6dc6fde0e9a4383a804e8

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                        Filesize

                                                        7KB

                                                        MD5

                                                        7c374d4e2bfc5c2ed46f0e4be145b0bf

                                                        SHA1

                                                        a14bd682e471397eb4f17284dac05d8a410c3e2e

                                                        SHA256

                                                        2ad7229ada2bb996d1c4c328933fd5e353f84af3fdc875b65cff082332c3a976

                                                        SHA512

                                                        07354ec01f879b083637dc9d805001b915de768849b435cd6a1b443b01d59c3cbf0e1852c4ebbab6ddb0147dc765cff762f662c43ab24047c28f46b7f8abab30

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                        Filesize

                                                        7KB

                                                        MD5

                                                        0886c61761d9358ad3b702a8fe59d57c

                                                        SHA1

                                                        d3b710e1d40311fbe0ed6ce298fb94b2dc06adc7

                                                        SHA256

                                                        8b2e2b5e64dd467c905a5d61b00f0dd37c26b80141a883e47f71b8844940f236

                                                        SHA512

                                                        998c3c02d6ce1ce707011483ebdd28f6c58107cb0dce426ae54952b67a4ace026fdcd64f6623623fa85b3cf760f8ec9cdedc95d475540337c3a1d294de560c39

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                        Filesize

                                                        7KB

                                                        MD5

                                                        e3b95630d726e456b9ce26597b033955

                                                        SHA1

                                                        15d8957f3defda67f657ca59b1a332cea62b39f6

                                                        SHA256

                                                        e2f8f1e81b35202f9262c7905b73746d224a6bd31824c71b5247923e10d1d98c

                                                        SHA512

                                                        ef8c06b13a495a63c3808015fdab71662978dae864360f42f3477579e3bf18a0384dcd8f69a08ef71b28fbbb4b441fd2478c50fc9d7ce46041aee3004ddeb35e

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                        Filesize

                                                        7KB

                                                        MD5

                                                        5125e68acef4bb1e1c2549945ca1fb8f

                                                        SHA1

                                                        7ddf6b865321c7e7c599bda197bde1e8276544ba

                                                        SHA256

                                                        68171fcb61dcfd1cbbaf4c5f181df3cd1535c3659a5ae712b5e30e5b1a16768d

                                                        SHA512

                                                        c9694d82bd87e7ef8f3c1fbe5b164d58a14e7560f49bd11319da06343901fb0f3aacf857eed08ef53d48ad0607ba26c056fdcf131c64d5fa9fe4bc24bf66f2ee

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                        Filesize

                                                        8KB

                                                        MD5

                                                        8e01708fed118a01917b57f17ae76f68

                                                        SHA1

                                                        5a230b0e176f6635f44a2e3b6026e9b1ecce97c9

                                                        SHA256

                                                        6f52b5825577f171d9a4fae57cbf329c7e43f905e4df1722060cf8daff32bf23

                                                        SHA512

                                                        05faa9b5e71bb1fd0a2efc58d65bdfa358c5f5d62bba8b85ca8d931e8dd6148aba545616aa7715dd430ffddc8c8a12325e2b458007f5d1494e64812b892f65b6

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                        Filesize

                                                        6KB

                                                        MD5

                                                        d35b45824c38056c572ab477f51360b0

                                                        SHA1

                                                        8742b2ace32d6901a21a5d3ab42136785256f169

                                                        SHA256

                                                        5cf7d761a372d3bb1bd8e32d347ded3aa56505ff15a0e7f4a13245a43602f57c

                                                        SHA512

                                                        0a6fef1fb7f0eaaab7666e9a89aaebd00d3878c888747109b2fc254eda7da5b40d8d619638eb3034f3da18e61aee3ee8dec4c9efacacce272eec8c5e94ac0d61

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                        Filesize

                                                        7KB

                                                        MD5

                                                        58fc2f6a6495156105d12e850427a54c

                                                        SHA1

                                                        3768c5689082c3897101327173f1f2eb283db7d4

                                                        SHA256

                                                        ef803d5ab069dd0d53212db408b617d4b23ea66f79b783fcd283c316268aeaac

                                                        SHA512

                                                        9243d8b66cb4fa63f11e9c93568f76fbbd42135b97b08b6c1a8474961e8fb39a83f3f833efac54270af4a98b043bfc4b4fedf3c52b7af994e3c25fed4db5ee9e

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                        Filesize

                                                        16KB

                                                        MD5

                                                        04f4bb17219ae068f45b38f1b9231481

                                                        SHA1

                                                        ec2fa25604eafbb799a2f15458a9241226e92769

                                                        SHA256

                                                        f7baf4c85f003058d6dafe87f92c556198b4b377ac21fcc5578c619527d9c978

                                                        SHA512

                                                        5169c03150a64ec15af81534b649f29d611653466d75bae5e6b4e2efcd20f087ada17cf65f90ec76f33902ed5e20659d820bd8d071a61b4361d0ff82c5f41657

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                        Filesize

                                                        140KB

                                                        MD5

                                                        80368bac0e720520c0c82afd0d501452

                                                        SHA1

                                                        ac0711c22c7acc3094a41cf09f16d880b3132ecb

                                                        SHA256

                                                        df2e9428601328dd68d0480629409a99268d6a269516e7bd14dde5f7b4bfc0c1

                                                        SHA512

                                                        5d3ecf21218ad8768dd21aa22e854aec580a19edcf9aae05a0736dc8905c4aef34a2de7ceedcd2d46c52fc653226629e2d79bd9bc58e6d02d9e73566e3a7fa6a

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                        Filesize

                                                        304KB

                                                        MD5

                                                        492dfda46abfc6dfd6465db88960d69a

                                                        SHA1

                                                        d81d0c61da13020de1e0ab0ac23069068b6af7ed

                                                        SHA256

                                                        6407e17cf11165310053596cf11b5c6619ba51558c3dd141caab396c24ebbcfb

                                                        SHA512

                                                        066d20a36dd3009cfaba4c2ec95fe9a8137e4b3dfdf69ddf6890ef78d874fd2ba755cca737bc9ab683e7e1ec8898167f36c353eee303d8430aa17ea0df6c2a17

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                        Filesize

                                                        283KB

                                                        MD5

                                                        256778ad05948d08c937c606374fbf74

                                                        SHA1

                                                        36004a9941e0bdd86de917808ba212c4501cf894

                                                        SHA256

                                                        df8e2dca63e95d127e91525c037d0bc2bdd7ec04341312d1d8cc6cbc286b61e6

                                                        SHA512

                                                        38abf12052bbc0e65aa48309ae143200aec49cf491c4bb44d2d5c1949e656a58ef4fad1a2ce41b621ec7a16260b7a2dec60cf81a8b58f1bb581bef39449bff07

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                        Filesize

                                                        283KB

                                                        MD5

                                                        46db20e841ea4711ec4216658f93d1a4

                                                        SHA1

                                                        d98eb07d2b1f7c8298c46a2064f4a187d4f9dbee

                                                        SHA256

                                                        3c2ff65d9688e8ff2bb0aa65ed3c9087062dc25f578255473a8c775e0e662d6e

                                                        SHA512

                                                        c91a29276503da0ff9eaf871c42a40e11bb374c6eb5d2310376776fb9c1fd7e1eb5893941976d6263835b864a523005feefbebdb792f3082c98550d8ce77763c

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                        Filesize

                                                        310KB

                                                        MD5

                                                        a821429db4d2d1179336d52363df03b0

                                                        SHA1

                                                        9c54a599de3eafc516acefe75f71708aa7ffb4f9

                                                        SHA256

                                                        d58cb45617de49967e590fb6c2da310f05de1f6ad0a8e2fa8d044ce739a5928f

                                                        SHA512

                                                        54de7ca87070d77dac2edd4372886f32d36db2e61bff39802bb79716707f2f4a03d6c06ae05eaacfa042bcba047f61771edb9926ba3eb0ae5c2ff500b7fda60b

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                        Filesize

                                                        283KB

                                                        MD5

                                                        eaa4c9fce6a4638e96f1fad403988516

                                                        SHA1

                                                        6a58825c593a28434cf52b19ba1a0df10ab1d105

                                                        SHA256

                                                        0799da94218bc1c94422fc120039f38f91c9b964332d9e7bf064e8aee463b6fe

                                                        SHA512

                                                        7232a50837f0de7d30cbb21a66cff706d169efd8cfd2631688fb34440bfa7ffb416f6937922e37a3157e4410ab9f61fce170248fbe62a6987dc177a377d6c7b3

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                        Filesize

                                                        106KB

                                                        MD5

                                                        f1b7e54dd2878a3ffa94a1b50df9416a

                                                        SHA1

                                                        038cafbc1ee1a6e869a5dc3448c638b2b7ec6917

                                                        SHA256

                                                        f916b618f03c0451d4ed0376c672748efe7193dc64d6e2b8d5db49e0b72fc488

                                                        SHA512

                                                        4b6cf801dcbbf1af8b57419c0a5431fd7f1d2e7c9fb45af008b6f4db86b72eaca6443f0dc5c2a70a1fe489ca6e402b7851a0c2019f0d6bcd4e718fbaf5c64d62

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                        Filesize

                                                        86KB

                                                        MD5

                                                        bd2bef1be6d44699599b5e74c350181b

                                                        SHA1

                                                        ae6a2b487a820e20551ce8d385cfef3bda63a947

                                                        SHA256

                                                        14be4a41a3b1f657392723b33dffb15fe93a62d9f99323e631840f6311c4e5e7

                                                        SHA512

                                                        2811b39193e3f7252f1e60ccb904dc749e770c9fa01fc32242925f36a4a7c706e1678433d12216bafe9f798b58f6b52a55eadd2f09f9bec94a8405bbf50b4f82

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ba52.TMP
                                                        Filesize

                                                        83KB

                                                        MD5

                                                        e18fae94c6deb22c2c0427f65280879d

                                                        SHA1

                                                        33a72ed611c52bb79b23917f101e5035e69a11fb

                                                        SHA256

                                                        dcd8811e03693f7bceecefb88412342122d967cfcab604e19252adbc06cde854

                                                        SHA512

                                                        8cb141e3fe53866d795095976ab89d3b23f3800cc7706ee16097cd64a4f1e0f611f08196027251015d832d8664b7e566087f733672d0c6cd712c150cba5bd382

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\b022682dd39d113f2d5a65a172dbd28f
                                                        Filesize

                                                        5.8MB

                                                        MD5

                                                        b022682dd39d113f2d5a65a172dbd28f

                                                        SHA1

                                                        aa874df3d3d0a9539c53a8a0c96c4c119bae2c52

                                                        SHA256

                                                        47a2e8bbef18d5491be3c449d9a5464a8804d9d1a85bc7e24ff80876e85104a3

                                                        SHA512

                                                        d6746ca7c1e10b1ed7fb48d857210ce5cd0f0542c81fdbf00a6afaf4607f30020ccc09f4c41ef9f50bc2562bf6e4380e7abaef1d5a5b1e91773281bcd9e58525

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi
                                                        Filesize

                                                        30.1MB

                                                        MD5

                                                        0e4e9aa41d24221b29b19ba96c1a64d0

                                                        SHA1

                                                        231ade3d5a586c0eb4441c8dbfe9007dc26b2872

                                                        SHA256

                                                        5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

                                                        SHA512

                                                        e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\vc_redist.x64.exe
                                                        Filesize

                                                        24.1MB

                                                        MD5

                                                        e091e9e5ede4161b45b880ccd6e140b0

                                                        SHA1

                                                        1a18b960482c2a242df0e891de9e3a125e439122

                                                        SHA256

                                                        cee28f29f904524b7f645bcec3dfdfe38f8269b001144cd909f5d9232890d33b

                                                        SHA512

                                                        fa8627055bbeb641f634b56059e7b5173e7c64faaa663e050c20d01d708a64877e71cd0b974282c70cb448e877313b1cf0519cf6128c733129b045f2b961a09b

                                                        Download Submit

                                                      • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
                                                        Filesize

                                                        26B

                                                        MD5

                                                        fbccf14d504b7b2dbcb5a5bda75bd93b

                                                        SHA1

                                                        d59fc84cdd5217c6cf74785703655f78da6b582b

                                                        SHA256

                                                        eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                        SHA512

                                                        aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                        Download Submit

                                                      • C:\Users\Admin\Downloads\Unconfirmed 154284.crdownload
                                                        Filesize

                                                        5.5MB

                                                        MD5

                                                        94740510822524d579f869a81e02f5ea

                                                        SHA1

                                                        0e87d714e9eec2eee7c3af028e8e66e7478a107f

                                                        SHA256

                                                        ad927962330c2d2cf2bf7c33c1a5395df5ccd4ceabfb10c72db240041d773dda

                                                        SHA512

                                                        7cb3e72b0f1bdcbd53096fdec470fec9a6aa56d56b5f4bfa86b6afaa3ddbd2be6878f7874feb2c15647a627cea34a1fee7be35f6d1dffbf6a5a9c0bf8efa1d24

                                                        Download Submit

                                                      • C:\Windows\Installer\MSIF2CC.tmp
                                                        Filesize

                                                        122KB

                                                        MD5

                                                        9fe9b0ecaea0324ad99036a91db03ebb

                                                        SHA1

                                                        144068c64ec06fc08eadfcca0a014a44b95bb908

                                                        SHA256

                                                        e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

                                                        SHA512

                                                        906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

                                                        Download Submit

                                                      • C:\Windows\Installer\MSIF31C.tmp
                                                        Filesize

                                                        211KB

                                                        MD5

                                                        a3ae5d86ecf38db9427359ea37a5f646

                                                        SHA1

                                                        eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

                                                        SHA256

                                                        c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

                                                        SHA512

                                                        96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

                                                        Download Submit

                                                      • C:\Windows\Installer\MSIF706.tmp
                                                        Filesize

                                                        297KB

                                                        MD5

                                                        7a86ce1a899262dd3c1df656bff3fb2c

                                                        SHA1

                                                        33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

                                                        SHA256

                                                        b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

                                                        SHA512

                                                        421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

                                                        Download Submit

                                                      • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                                        Filesize

                                                        280B

                                                        MD5

                                                        f5d2b1485a79e35705793feaab2e04ed

                                                        SHA1

                                                        8dde98a1b34ec5a1c0cd1263edfec013f68955a8

                                                        SHA256

                                                        bdc72c0e974cc0f525534f1c2551f816af5b7fdafe418bf1564de65577b259e1

                                                        SHA512

                                                        9368a33ad2a81d7cb0a40e9469c4923c9a3e445fdef746273c3d2789aa48f9bdb70c46ec5eabdd217edc1ae82118daafad34796e2ef2bf4bf5ac71e87dab4961

                                                        Download Submit

                                                      • C:\Windows\Temp\{A5FA85DF-14A0-4DF1-BE9C-D0F8F3D9C58F}\.ba\logo.png
                                                        Filesize

                                                        1KB

                                                        MD5

                                                        d6bd210f227442b3362493d046cea233

                                                        SHA1

                                                        ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

                                                        SHA256

                                                        335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

                                                        SHA512

                                                        464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

                                                        Download Submit

                                                      • memory/1804-39-0x0000000074E50000-0x0000000075601000-memory.dmp

                                                        Filesize

                                                        7.7MB

                                                        Download

                                                      • memory/1804-0-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

                                                        Filesize

                                                        4KB

                                                        Download

                                                      • memory/1804-9-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

                                                        Filesize

                                                        4KB

                                                        Download

                                                      • memory/1804-3470-0x0000000006820000-0x00000000068B2000-memory.dmp

                                                        Filesize

                                                        584KB

                                                        Download

                                                      • memory/1804-3-0x0000000074E50000-0x0000000075601000-memory.dmp

                                                        Filesize

                                                        7.7MB

                                                        Download

                                                      • memory/1804-2-0x0000000005670000-0x0000000005C16000-memory.dmp

                                                        Filesize

                                                        5.6MB

                                                        Download

                                                      • memory/1804-1-0x0000000000640000-0x000000000070E000-memory.dmp

                                                        Filesize

                                                        824KB

                                                        Download

                                                      • memory/3572-3320-0x000000006FB70000-0x000000006FD80000-memory.dmp

                                                        Filesize

                                                        2.1MB

                                                        Download

                                                      • memory/3572-3324-0x000000006FB70000-0x000000006FD80000-memory.dmp

                                                        Filesize

                                                        2.1MB

                                                        Download

                                                      • memory/3572-3181-0x000000006FB70000-0x000000006FD80000-memory.dmp

                                                        Filesize

                                                        2.1MB

                                                        Download

                                                      • memory/3572-3123-0x000000006FB70000-0x000000006FD80000-memory.dmp

                                                        Filesize

                                                        2.1MB

                                                        Download

                                                      • memory/3572-3122-0x0000000000770000-0x00000000007A5000-memory.dmp

                                                        Filesize

                                                        212KB

                                                        Download

                                                      • memory/3572-3129-0x000000006FB70000-0x000000006FD80000-memory.dmp

                                                        Filesize

                                                        2.1MB

                                                        Download