Overview

overview

8

Static

static

3

Delta V3.61.zip

windows10-2004-x64

8

Delta V3.61.zip

windows10-ltsc 2021-x64

8

Resubmissions

07-11-2024 21:24

241107-z8z12ayfnb 8

07-11-2024 21:23

241107-z8jdaa1pdl 6

07-11-2024 21:21

241107-z7ptnsyjdx 7

Analysis

  • max time kernel
    1795s
  • max time network
    1709s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-11-2024 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Delta V3.61.zip

  • Size

    22.2MB

  • MD5

    2692ff99a5f94520b6caa33bbd0cf05e

  • SHA1

    0bf675fad129bc61f7c2763177a4314288cce4cd

  • SHA256

    507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

  • SHA512

    65d9665d29684325ca27a33ec187be8ccb142f98f662f888b944750ffcfcea43c496403331ab00e5e408dc5b1c3d39d7fc2defdecb1133a41dcc5d00c7c0392c

  • SSDEEP

    393216:p1DbvOskyq5reDYwFpIgDDLB3IwuZcnO7BjOOPhQEFu9QZay7qPF4zjop3Lr:zDbvOPADJpIelBnO7B6OPhjFu9eaDPFj

Score
8/10
adwarediscoveryevasionpersistencephishingprivilege_escalationstealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 44 IoCs
  • Loads dropped DLL 44 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Checks system information in the registry 2 TTPs 26 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 63 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 43 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of UnmapMainImage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Delta V3.61.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1256
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:856
    • C:\Users\Admin\Desktop\Delta V3.61\Delta.exe
      "C:\Users\Admin\Desktop\Delta V3.61\Delta.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3484
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu
        2⤵
        • Enumerates system info in registry
        • NTFS ADS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4372
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb998746f8,0x7ffb99874708,0x7ffb99874718
          3⤵
            PID:4704
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
            3⤵
              PID:3780
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
              3⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1560
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
              3⤵
                PID:2168
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
                3⤵
                  PID:860
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
                  3⤵
                    PID:4024
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
                    3⤵
                      PID:4444
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4044 /prefetch:8
                      3⤵
                        PID:3576
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3988 /prefetch:8
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2088
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
                        3⤵
                          PID:5076
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4356
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                          3⤵
                            PID:5144
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
                            3⤵
                              PID:5156
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
                              3⤵
                                PID:5404
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
                                3⤵
                                  PID:5412
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                                  3⤵
                                    PID:5920
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
                                    3⤵
                                      PID:1032
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
                                      3⤵
                                        PID:3556
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
                                        3⤵
                                          PID:3040
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                                          3⤵
                                            PID:1576
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
                                            3⤵
                                              PID:3820
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2684 /prefetch:8
                                              3⤵
                                                PID:5296
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
                                                3⤵
                                                  PID:1756
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6712 /prefetch:8
                                                  3⤵
                                                    PID:5380
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
                                                    3⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:5676
                                                  • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                    "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                    3⤵
                                                    • Executes dropped EXE
                                                    • Checks whether UAC is enabled
                                                    • Drops file in Program Files directory
                                                    • System Location Discovery: System Language Discovery
                                                    • Enumerates system info in registry
                                                    • Modifies Internet Explorer settings
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:1092
                                                    • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc_temp\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                      MicrosoftEdgeWebview2Setup.exe /silent /install
                                                      4⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      • System Location Discovery: System Language Discovery
                                                      PID:2848
                                                      • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                        5⤵
                                                        • Event Triggered Execution: Image File Execution Options Injection
                                                        • Checks computer location settings
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        • Drops file in Program Files directory
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:3024
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                          6⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry class
                                                          PID:5716
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                          6⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry class
                                                          PID:976
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            7⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:1832
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            7⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:1904
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            7⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:4892
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUQ5MzZBOUYtNTdEMC00QTBFLTg1MDUtMDNENzE5QzBCOTM2fSIgdXNlcmlkPSJ7QTM0MjlCQ0QtRDExQi00OEE5LTkwNzItNEM3N0I2Q0E5RTJGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNUE3OEVGOS00RTdCLTRFRTYtODI4Qi1DNDVDNDM4OTZGQkR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MjUyODk0NzIyIiBpbnN0YWxsX3RpbWVfbXM9IjY1OSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                          6⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Checks system information in the registry
                                                          • System Location Discovery: System Language Discovery
                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                          PID:1580
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{1D936A9F-57D0-4A0E-8505-03D719C0B936}" /silent
                                                          6⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          PID:5572
                                                    • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                      "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1092
                                                      4⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of UnmapMainImage
                                                      PID:3092
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3471029952882624290,17414113862495654292,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4528 /prefetch:2
                                                    3⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:6132
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:1164
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:2104
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • Modifies data under HKEY_USERS
                                                    PID:3352
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUQ5MzZBOUYtNTdEMC00QTBFLTg1MDUtMDNENzE5QzBCOTM2fSIgdXNlcmlkPSJ7QTM0MjlCQ0QtRDExQi00OEE5LTkwNzItNEM3N0I2Q0E5RTJGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCOEE1MEFDQi1ENEJELTQyODItQTFCNC1ENDBDN0Y1NjAwNjR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyNTc2MDQ3NjYiLz48L2FwcD48L3JlcXVlc3Q-
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks system information in the registry
                                                      • System Location Discovery: System Language Discovery
                                                      • System Network Configuration Discovery: Internet Connection Discovery
                                                      PID:3872
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BF13701-A337-4E8E-9768-5539A65F5FE1}\MicrosoftEdge_X64_130.0.2849.56.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BF13701-A337-4E8E-9768-5539A65F5FE1}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      PID:2088
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BF13701-A337-4E8E-9768-5539A65F5FE1}\EDGEMITMP_9E422.tmp\setup.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BF13701-A337-4E8E-9768-5539A65F5FE1}\EDGEMITMP_9E422.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BF13701-A337-4E8E-9768-5539A65F5FE1}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                        3⤵
                                                        • Checks computer location settings
                                                        • Executes dropped EXE
                                                        • Drops file in Program Files directory
                                                        PID:5164
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BF13701-A337-4E8E-9768-5539A65F5FE1}\EDGEMITMP_9E422.tmp\setup.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BF13701-A337-4E8E-9768-5539A65F5FE1}\EDGEMITMP_9E422.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BF13701-A337-4E8E-9768-5539A65F5FE1}\EDGEMITMP_9E422.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.56 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7281ed730,0x7ff7281ed73c,0x7ff7281ed748
                                                          4⤵
                                                          • Executes dropped EXE
                                                          PID:5168
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUQ5MzZBOUYtNTdEMC00QTBFLTg1MDUtMDNENzE5QzBCOTM2fSIgdXNlcmlkPSJ7QTM0MjlCQ0QtRDExQi00OEE5LTkwNzItNEM3N0I2Q0E5RTJGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3RTNDNjk5RS1FQ0NELTQyRkEtOEUxMy1CM0VBQ0U1MkY2NDR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMwLjAuMjg0OS41NiIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjI2NzMzNDg0NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyNjc0MjQ2OTgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NzI2MDA0Njc0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8zNDZhZDlkMS03NDZlLTQ1YzctOGZlMC1kNmM4N2E3M2EyNjE_UDE9MTczMTYxOTcwNiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1HeUlMZGdERlpRMCUyZkI2aVdWM080RiUyYndzV2puSlRqZXpVN0E4TFlyNHV5TDAxa3JRTGtkQXpNQlp5Y3lsVGFPRlhhN1B4aGF3Q2RieFpFU1YwVVlDcWclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzQ5MzM2MDAiIHRvdGFsPSIxNzQ5MzM2MDAiIGRvd25sb2FkX3RpbWVfbXM9IjM5MjEyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjcyNjA5NDY5MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY3NDAxMTQ3NzciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjczNDg3NDQ2NzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI2MzEiIGRvd25sb2FkX3RpbWVfbXM9IjQ1ODU3IiBkb3dubG9hZGVkPSIxNzQ5MzM2MDAiIHRvdGFsPSIxNzQ5MzM2MDAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYwODU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks system information in the registry
                                                      • System Location Discovery: System Language Discovery
                                                      • System Network Configuration Discovery: Internet Connection Discovery
                                                      PID:560
                                                  • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                    "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe"
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Suspicious use of NtCreateThreadExHideFromDebugger
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of UnmapMainImage
                                                    PID:2696
                                                  • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                    "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe"
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Suspicious use of NtCreateThreadExHideFromDebugger
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of UnmapMainImage
                                                    PID:5260
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:5888
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • Modifies data under HKEY_USERS
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:856
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E858C0DA-573F-4509-867D-66ACE5E9F247}\MicrosoftEdgeUpdateSetup_X86_1.3.195.31.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E858C0DA-573F-4509-867D-66ACE5E9F247}\MicrosoftEdgeUpdateSetup_X86_1.3.195.31.exe" /update /sessionid "{45534900-6BFC-4B97-AC98-BBDF2424A469}"
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      • System Location Discovery: System Language Discovery
                                                      PID:2708
                                                      • C:\Program Files (x86)\Microsoft\Temp\EU4990.tmp\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\Temp\EU4990.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{45534900-6BFC-4B97-AC98-BBDF2424A469}"
                                                        3⤵
                                                        • Event Triggered Execution: Image File Execution Options Injection
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:5396
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry class
                                                          PID:4916
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry class
                                                          PID:1088
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:728
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:328
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:3244
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDU1MzQ5MDAtNkJGQy00Qjk3LUFDOTgtQkJERjI0MjRBNDY5fSIgdXNlcmlkPSJ7QTM0MjlCQ0QtRDExQi00OEE5LTkwNzItNEM3N0I2Q0E5RTJGfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7ODA3RjU1M0QtRUJDMy00NTJCLUEwN0ItOTdGQkZCRjEwOUVCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjMxIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzMxMDE0OTAzIj48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDQ3NjA1MDIyMyIvPjwvYXBwPjwvcmVxdWVzdD4
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Checks system information in the registry
                                                          • System Location Discovery: System Language Discovery
                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                          PID:4716
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDU1MzQ5MDAtNkJGQy00Qjk3LUFDOTgtQkJERjI0MjRBNDY5fSIgdXNlcmlkPSJ7QTM0MjlCQ0QtRDExQi00OEE5LTkwNzItNEM3N0I2Q0E5RTJGfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGM0M4QTk3Ni1DMkM1LTRFQkMtQTkyRC0wRjU0QzU2NDkzRDh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NzQ4Mzg5NTk0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk3NDg3MDE4MzMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDU5MzY1NzM3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNDllMGVjNjYtZDA3ZS00OTg4LTk0OWQtYjdkNzliNjE5OGM1P1AxPTE3MzE2MjAwNTQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9aGx0VUc3TndyZWVDcXVEb3RvcEk4MlkwNUU3dm4wRlVkRmphQm1jVGYwcUNkJTJiTHplemxySW05TiUyYjdrTmJIWWNRanl1VGMzVHRKT3Y3RndZanpORFFBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA0NTkzNjU3MzciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzQ5ZTBlYzY2LWQwN2UtNDk4OC05NDlkLWI3ZDc5YjYxOThjNT9QMT0xNzMxNjIwMDU0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWhsdFVHN053cmVlQ3F1RG90b3BJODJZMDVFN3ZuMEZVZEZqYUJtY1RmMHFDZCUyYkx6ZXpsckltOU4lMmI3a05iSFljUWp5dVRjM1R0Sk92N0Z3WWp6TkRRQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2Mzc0NDgiIHRvdGFsPSIxNjM3NDQ4IiBkb3dubG9hZF90aW1lX21zPSI2Njc4NSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDQ1OTUyMjAwNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDQ2NDY3ODkxNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9IjMxIiByZD0iNjQ4OSIgcGluZ19mcmVzaG5lc3M9Ins4MDhEQTZDMi03NkQ5LTQ3OUUtQTNBNy0yMDVCNzJGM0ZDQUJ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzc1NDg4MzgwMzAwNzMwMCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9IjMxIiByPSIzMSIgYWQ9IjY0ODkiIHJkPSI2NDg5IiBwaW5nX2ZyZXNobmVzcz0iezA1Mzc0N0U0LTc1MjMtNDQ0MS04QUVCLTJBNjJEOTUwQTlGQ30iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMwLjAuMjg0OS41NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2NTE3Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7MDFFQTkxNUEtNDRGNC00RTYyLTlEMzctMERBMTYzNjdENzNEfSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Checks system information in the registry
                                                      • System Location Discovery: System Language Discovery
                                                      • System Network Configuration Discovery: Internet Connection Discovery
                                                      PID:6128
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3cdd577fh7347h47deh8a5ehb4ef75c1bd61
                                                    1⤵
                                                      PID:1588
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0xfc,0x138,0x7ffb998746f8,0x7ffb99874708,0x7ffb99874718
                                                        2⤵
                                                          PID:5824
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,12395879959882470643,16542559098736712467,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
                                                          2⤵
                                                            PID:184
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,12395879959882470643,16542559098736712467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:5144
                                                        • C:\Windows\SysWOW64\DllHost.exe
                                                          C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                          1⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:2820
                                                        • C:\Windows\explorer.exe
                                                          C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                                                          1⤵
                                                          • Modifies Internet Explorer settings
                                                          PID:1820
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                          1⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:2632
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                          1⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Checks system information in the registry
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies data under HKEY_USERS
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:1164
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEZGQTQ5MDktRUI1NC00MDJELTkyQkQtQTZFNTEwODJGNzVCfSIgdXNlcmlkPSJ7QTM0MjlCQ0QtRDExQi00OEE5LTkwNzItNEM3N0I2Q0E5RTJGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7Q0ZCMUQ0NkQtMDRFMS00RDg2LUI5NDgtRDdDMUZFRjREMTkzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2xoVmkxMlFjazZTbDB1VTFPQjZZMTUyOWJSNmJzZXk0K2N1N2RIeHM2Y2s9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzMSIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkyOTAyIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjU0Njg2NTIwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwMTk0OTMzNTAiLz48L2FwcD48L3JlcXVlc3Q-
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Checks system information in the registry
                                                            • System Location Discovery: System Language Discovery
                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                            PID:2144
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\MicrosoftEdge_X64_130.0.2849.68.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\MicrosoftEdge_X64_130.0.2849.68.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:2932
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\MicrosoftEdge_X64_130.0.2849.68.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                              3⤵
                                                              • Boot or Logon Autostart Execution: Active Setup
                                                              • Executes dropped EXE
                                                              • Installs/modifies Browser Helper Object
                                                              • Drops file in Program Files directory
                                                              • Modifies Internet Explorer settings
                                                              • Modifies registry class
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              • System policy modification
                                                              PID:916
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.92 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.68 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7df06d730,0x7ff7df06d73c,0x7ff7df06d748
                                                                4⤵
                                                                • Executes dropped EXE
                                                                PID:6132
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                                4⤵
                                                                • Executes dropped EXE
                                                                • Drops file in System32 directory
                                                                • Modifies data under HKEY_USERS
                                                                PID:2020
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.92 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B97B9AB2-4958-4A5C-B386-A9E5A8619985}\EDGEMITMP_87D62.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.68 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7df06d730,0x7ff7df06d73c,0x7ff7df06d748
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  PID:5148
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                                                4⤵
                                                                • Executes dropped EXE
                                                                PID:6120
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.92 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.68 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7ecd9d730,0x7ff7ecd9d73c,0x7ff7ecd9d748
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  PID:1844
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                                                                4⤵
                                                                • Executes dropped EXE
                                                                PID:2740
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.92 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.68\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.68 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7ecd9d730,0x7ff7ecd9d73c,0x7ff7ecd9d748
                                                                  5⤵
                                                                  • Executes dropped EXE
                                                                  • Drops file in Program Files directory
                                                                  PID:5156
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEZGQTQ5MDktRUI1NC00MDJELTkyQkQtQTZFNTEwODJGNzVCfSIgdXNlcmlkPSJ7QTM0MjlCQ0QtRDExQi00OEE5LTkwNzItNEM3N0I2Q0E5RTJGfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGOTg3QThBOS0xMDMzLTQ5QzMtODI1RC0wMEMwMjhFRTNCMjd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4zMSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9JTVCJTIyLXRhcmdldF9kZXYlMjAtbWluX2Jyb3dzZXJfdmVyc2lvbl9jYW5hcnlfZGV2JTIwMTMxLjAuMjg3MS4wJTIyJTVEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjY2Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2NTIwIiBwaW5nX2ZyZXNobmVzcz0ie0FDMDVERUY1LUFCRTgtNDJBNC05RkI0LUQ0MEEwOTZFQzBDRn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIxMzAuMC4yODQ5LjY4IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM3NTQ4ODkxNDc0ODAzMDAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDMyMzA1NzU3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDMyNDYyMTc0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDYzOTMzNzA1OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzdmYWEwMGQ4LWZlYTEtNDk2YS04MTYzLWFmNDQ5N2E3NmIxNj9QMT0xNzMxNjIwNDgzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVZmSDZDbkJKWFcycCUyYkhkJTJiVUl1VVIwSyUyYm1EQ3RvWFNDU1ZNWXhKUjQ4YXR0WHltSXd4VTlWNVBSdEdDdm1JVU82OHI2bm5zdlh3NEZzZHFydDNwMHdRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQ2Mzk5NjIwOTgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzdmYWEwMGQ4LWZlYTEtNDk2YS04MTYzLWFmNDQ5N2E3NmIxNj9QMT0xNzMxNjIwNDgzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVZmSDZDbkJKWFcycCUyYkhkJTJiVUl1VVIwSyUyYm1EQ3RvWFNDU1ZNWXhKUjQ4YXR0WHltSXd4VTlWNVBSdEdDdm1JVU82OHI2bm5zdlh3NEZzZHFydDNwMHdRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc1MDQ2MjAwIiB0b3RhbD0iMTc1MDQ2MjAwIiBkb3dubG9hZF90aW1lX21zPSI1NDYyNSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDY0MDI3NDU4NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDY1MzU1NTkxMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTUyNTY5OTM0NTgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3NjYiIGRvd25sb2FkX3RpbWVfbXM9IjYwNzM0IiBkb3dubG9hZGVkPSIxNzUwNDYyMDAiIHRvdGFsPSIxNzUwNDYyMDAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYwMzI4Ii8-PHBpbmcgYWN0aXZlPSIxIiBhZD0iNjUyMCIgcmQ9IjY1MjAiIHBpbmdfZnJlc2huZXNzPSJ7QTdFREJEN0EtQzVBRC00RkNCLUJFMTYtRDg1ODcwNTE2MzE4fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzAuMC4yODQ5LjU2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY1MTciIGNvaG9ydD0icnJmQDAuMjMiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY1MjAiIHBpbmdfZnJlc2huZXNzPSJ7NTY2MzJGRUItMTYxNi00RkFGLUJGRTUtOEE3QkZCMDNFREQwfSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Checks system information in the registry
                                                            • System Location Discovery: System Language Discovery
                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                            PID:212

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Reconnaissance

                                                        Resource Development

                                                        Initial Access

                                                        Execution

                                                        Persistence

                                                        Boot or Logon Autostart Execution

                                                        1
                                                        T1547

                                                        Active Setup

                                                        1
                                                        T1547.014

                                                        Browser Extensions

                                                        1
                                                        T1176

                                                        Event Triggered Execution

                                                        2
                                                        T1546

                                                        Component Object Model Hijacking

                                                        1
                                                        T1546.015

                                                        Image File Execution Options Injection

                                                        1
                                                        T1546.012

                                                        Privilege Escalation

                                                        Boot or Logon Autostart Execution

                                                        1
                                                        T1547

                                                        Active Setup

                                                        1
                                                        T1547.014

                                                        Event Triggered Execution

                                                        2
                                                        T1546

                                                        Component Object Model Hijacking

                                                        1
                                                        T1546.015

                                                        Image File Execution Options Injection

                                                        1
                                                        T1546.012

                                                        Defense Evasion

                                                        Modify Registry

                                                        4
                                                        T1112

                                                        Credential Access

                                                        Discovery

                                                        Browser Information Discovery

                                                        1
                                                        T1217

                                                        Query Registry

                                                        5
                                                        T1012

                                                        System Information Discovery

                                                        5
                                                        T1082

                                                        System Location Discovery

                                                        1
                                                        T1614

                                                        System Language Discovery

                                                        1
                                                        T1614.001

                                                        System Network Configuration Discovery

                                                        1
                                                        T1016

                                                        Internet Connection Discovery

                                                        1
                                                        T1016.001

                                                        Lateral Movement

                                                        Collection

                                                        Command and Control

                                                        Web Service

                                                        1
                                                        T1102

                                                        Exfiltration

                                                        Impact

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.56\Installer\setup.exe
                                                          Filesize

                                                          6.5MB

                                                          MD5

                                                          9a98f71bb7812ab88c517ba0d278d4c9

                                                          SHA1

                                                          459b635444042ad0eeb453cdba5078c52ddba161

                                                          SHA256

                                                          273f8406a9622ddd0e92762837af4598770b5efe6aa8a999da809e77b7b7882f

                                                          SHA512

                                                          5685717b2192b477b5c5708687462aa2d23999f565a43b7d67388f48eb9a3d33d9a3da54474ce632a0aee1bc4de8a6172a818239033d4a035f045e15947868f3

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.68\Installer\setup.exe
                                                          Filesize

                                                          6.5MB

                                                          MD5

                                                          f6718e31d7d4f5533d0e37f10be482be

                                                          SHA1

                                                          86d7ecb6ea92632fba9aea98c8cacc34e16f2974

                                                          SHA256

                                                          9e6148a3fe08dc8292f4df78e79a3ccbaf69099ce92acc01aedd371b90a06827

                                                          SHA512

                                                          52080bce605eaeceae6e3ca854ebec2923454e82fb26fa2fa707d521244f598bf9612834d8db402b52cee383b53ee8969f47c234ff2a8c138486b28ae598e9bd

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.31\MicrosoftEdgeUpdateSetup_X86_1.3.195.31.exe
                                                          Filesize

                                                          1.6MB

                                                          MD5

                                                          96da7b3dc4fb1d5dcf2c417ee046f447

                                                          SHA1

                                                          e84a715aa7484e56c9f33d05da3bfa1ca0f1387b

                                                          SHA256

                                                          44487270c94902abed843606f7dd7b10923abbecce86c1cd85b3f25156eb60da

                                                          SHA512

                                                          8630835de1a5952e57b9c0db112854050145ca923018985984cca60003b986314f60146eba54ab52933f600ef7d61949f254627c0fd5459b724315968685d733

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\EdgeUpdate.dat
                                                          Filesize

                                                          12KB

                                                          MD5

                                                          369bbc37cff290adb8963dc5e518b9b8

                                                          SHA1

                                                          de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                          SHA256

                                                          3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                          SHA512

                                                          4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                          Filesize

                                                          179KB

                                                          MD5

                                                          7a160c6016922713345454265807f08d

                                                          SHA1

                                                          e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                                          SHA256

                                                          35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                                          SHA512

                                                          c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\MicrosoftEdgeUpdate.exe
                                                          Filesize

                                                          201KB

                                                          MD5

                                                          4dc57ab56e37cd05e81f0d8aaafc5179

                                                          SHA1

                                                          494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                          SHA256

                                                          87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                          SHA512

                                                          320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                          Filesize

                                                          212KB

                                                          MD5

                                                          60dba9b06b56e58f5aea1a4149c743d2

                                                          SHA1

                                                          a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                                          SHA256

                                                          4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                                          SHA512

                                                          e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\MicrosoftEdgeUpdateCore.exe
                                                          Filesize

                                                          257KB

                                                          MD5

                                                          c044dcfa4d518df8fc9d4a161d49cece

                                                          SHA1

                                                          91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                                          SHA256

                                                          9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                                          SHA512

                                                          f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\NOTICE.TXT
                                                          Filesize

                                                          4KB

                                                          MD5

                                                          6dd5bf0743f2366a0bdd37e302783bcd

                                                          SHA1

                                                          e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                          SHA256

                                                          91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                          SHA512

                                                          f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdate.dll
                                                          Filesize

                                                          2.0MB

                                                          MD5

                                                          965b3af7886e7bf6584488658c050ca2

                                                          SHA1

                                                          72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                                          SHA256

                                                          d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                                          SHA512

                                                          1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_af.dll
                                                          Filesize

                                                          28KB

                                                          MD5

                                                          567aec2d42d02675eb515bbd852be7db

                                                          SHA1

                                                          66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                                          SHA256

                                                          a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                                          SHA512

                                                          3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_am.dll
                                                          Filesize

                                                          24KB

                                                          MD5

                                                          f6c1324070b6c4e2a8f8921652bfbdfa

                                                          SHA1

                                                          988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                                          SHA256

                                                          986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                                          SHA512

                                                          63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_ar.dll
                                                          Filesize

                                                          26KB

                                                          MD5

                                                          570efe7aa117a1f98c7a682f8112cb6d

                                                          SHA1

                                                          536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                                          SHA256

                                                          e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                                          SHA512

                                                          5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_as.dll
                                                          Filesize

                                                          28KB

                                                          MD5

                                                          a8d3210e34bf6f63a35590245c16bc1b

                                                          SHA1

                                                          f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                                          SHA256

                                                          3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                                          SHA512

                                                          6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_az.dll
                                                          Filesize

                                                          29KB

                                                          MD5

                                                          7937c407ebe21170daf0975779f1aa49

                                                          SHA1

                                                          4c2a40e76209abd2492dfaaf65ef24de72291346

                                                          SHA256

                                                          5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                                          SHA512

                                                          8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_bg.dll
                                                          Filesize

                                                          29KB

                                                          MD5

                                                          8375b1b756b2a74a12def575351e6bbd

                                                          SHA1

                                                          802ec096425dc1cab723d4cf2fd1a868315d3727

                                                          SHA256

                                                          a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                                          SHA512

                                                          aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_bn-IN.dll
                                                          Filesize

                                                          29KB

                                                          MD5

                                                          a94cf5e8b1708a43393263a33e739edd

                                                          SHA1

                                                          1068868bdc271a52aaae6f749028ed3170b09cce

                                                          SHA256

                                                          5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

                                                          SHA512

                                                          920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_bn.dll
                                                          Filesize

                                                          29KB

                                                          MD5

                                                          7dc58c4e27eaf84ae9984cff2cc16235

                                                          SHA1

                                                          3f53499ddc487658932a8c2bcf562ba32afd3bda

                                                          SHA256

                                                          e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                                          SHA512

                                                          bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_bs.dll
                                                          Filesize

                                                          28KB

                                                          MD5

                                                          e338dccaa43962697db9f67e0265a3fc

                                                          SHA1

                                                          4c6c327efc12d21c4299df7b97bf2c45840e0d83

                                                          SHA256

                                                          99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

                                                          SHA512

                                                          e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                                          Filesize

                                                          29KB

                                                          MD5

                                                          2929e8d496d95739f207b9f59b13f925

                                                          SHA1

                                                          7c1c574194d9e31ca91e2a21a5c671e5e95c734c

                                                          SHA256

                                                          2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

                                                          SHA512

                                                          ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_ca.dll
                                                          Filesize

                                                          30KB

                                                          MD5

                                                          39551d8d284c108a17dc5f74a7084bb5

                                                          SHA1

                                                          6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

                                                          SHA256

                                                          8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

                                                          SHA512

                                                          6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_cs.dll
                                                          Filesize

                                                          28KB

                                                          MD5

                                                          16c84ad1222284f40968a851f541d6bb

                                                          SHA1

                                                          bc26d50e15ccaed6a5fbe801943117269b3b8e6b

                                                          SHA256

                                                          e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

                                                          SHA512

                                                          d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_cy.dll
                                                          Filesize

                                                          28KB

                                                          MD5

                                                          34d991980016595b803d212dc356d765

                                                          SHA1

                                                          e3a35df6488c3463c2a7adf89029e1dd8308f816

                                                          SHA256

                                                          252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

                                                          SHA512

                                                          8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_da.dll
                                                          Filesize

                                                          28KB

                                                          MD5

                                                          d34380d302b16eab40d5b63cfb4ed0fe

                                                          SHA1

                                                          1d3047119e353a55dc215666f2b7b69f0ede775b

                                                          SHA256

                                                          fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

                                                          SHA512

                                                          45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_de.dll
                                                          Filesize

                                                          30KB

                                                          MD5

                                                          aab01f0d7bdc51b190f27ce58701c1da

                                                          SHA1

                                                          1a21aabab0875651efd974100a81cda52c462997

                                                          SHA256

                                                          061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

                                                          SHA512

                                                          5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_el.dll
                                                          Filesize

                                                          30KB

                                                          MD5

                                                          ac275b6e825c3bd87d96b52eac36c0f6

                                                          SHA1

                                                          29e537d81f5d997285b62cd2efea088c3284d18f

                                                          SHA256

                                                          223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

                                                          SHA512

                                                          bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_en-GB.dll
                                                          Filesize

                                                          27KB

                                                          MD5

                                                          d749e093f263244d276b6ffcf4ef4b42

                                                          SHA1

                                                          69f024c769632cdbb019943552bac5281d4cbe05

                                                          SHA256

                                                          fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

                                                          SHA512

                                                          48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

                                                          Download Submit

                                                        • C:\Program Files (x86)\Microsoft\Temp\EUD6AF.tmp\msedgeupdateres_en.dll
                                                          Filesize

                                                          27KB

                                                          MD5

                                                          4a1e3cf488e998ef4d22ac25ccc520a5

                                                          SHA1

                                                          dc568a6e3c9465474ef0d761581c733b3371b1cd

                                                          SHA256

                                                          9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                                          SHA512

                                                          ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                                          Download Submit

                                                        • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                          Filesize

                                                          6.7MB

                                                          MD5

                                                          3ce67509dc5518ed68a5689739774588

                                                          SHA1

                                                          00399c8ae50279d8c1fbe019572f2f14271325ee

                                                          SHA256

                                                          cabe8ea571b71a2f1d47014463c4f3593a2a932595b6835e32ebe0ec0a6482ee

                                                          SHA512

                                                          b5bfbe751d10674ba2eb34fd905b9e74059213891fdcba87123d8c5cd8011c829fe166679775ef1bac9859bf772e6b828b21db6a3398a3917822a166da4b7d13

                                                          Download Submit

                                                        • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc_temp\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                          Filesize

                                                          1.5MB

                                                          MD5

                                                          610b1b60dc8729bad759c92f82ee2804

                                                          SHA1

                                                          9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                                          SHA256

                                                          921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                                          SHA512

                                                          0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                                          Download Submit

                                                        • C:\Program Files\MsEdgeCrashpad\settings.dat
                                                          Filesize

                                                          280B

                                                          MD5

                                                          6db0e6604c850b00dab7b4820a7812c8

                                                          SHA1

                                                          c98308874d0762dba89351b10cc43a777091d210

                                                          SHA256

                                                          6848e9f99d8e0057b47bc7818890c84d8e3c55d4f3886ab762014e45809684c8

                                                          SHA512

                                                          0d10d47f039dff8195ad127f0f969dd4d587a964986b79a5bd855ee3003f6d205de75ef26aeb103f78442deb694b0b829ac89fd480b42d138a01c6eadb3be46b

                                                          Download Submit

                                                        • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                          Filesize

                                                          96KB

                                                          MD5

                                                          0a4ed40085484dacf25881be0c391233

                                                          SHA1

                                                          e49db4675e99ebb4a90b2f1ee5ab781c475eba19

                                                          SHA256

                                                          f809439ba44096a95b7334c5c95a27479556cfe72cd17b20ef9d9b9b0c524fd7

                                                          SHA512

                                                          343f4560561f193e9df6e36bb09e1562a52399c136bdb02462414fb5ac7953adef3752859d1970e11f63a6154fdf547fe674e10a0e752776caa36a7afcbdb5ee

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          c8bb30e8100687d93d3272d3acc82cdc

                                                          SHA1

                                                          4eb090b67fb7913e1ce2a2f590b4df9412b3d028

                                                          SHA256

                                                          78e3320030a6f37d3c8930906b1bdf1427743114ac06611b55aad02c5439af89

                                                          SHA512

                                                          cf047e733a6f9d70b5b9c4694a16bb1f852e097f1968639eda8ac94dd067926fa245a4124cba6fd674e6e8bccb03329c67b861cc487e6221de1322615644e507

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          36988ca14952e1848e81a959880ea217

                                                          SHA1

                                                          a0482ef725657760502c2d1a5abe0bb37aebaadb

                                                          SHA256

                                                          d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

                                                          SHA512

                                                          d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          fab8d8d865e33fe195732aa7dcb91c30

                                                          SHA1

                                                          2637e832f38acc70af3e511f5eba80fbd7461f2c

                                                          SHA256

                                                          1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

                                                          SHA512

                                                          39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\22490de2-6f23-48a8-935e-4226dfe6612d.tmp
                                                          Filesize

                                                          7KB

                                                          MD5

                                                          1389c667858a779d4169c5fc28cbe0bd

                                                          SHA1

                                                          725bcf7a57bf0d08b71f47fb43537a02967400cc

                                                          SHA256

                                                          02e11ad92afd3d4812e1693d3a5952279401b817db98b9084529f2e4ed748e39

                                                          SHA512

                                                          38b680c8b9097c6e904a28a8e4c99986a7e720f98bfdeee65816d6cbf857ef552421d4d29e29290d0de2f3aead3be9a7de798fdc9b578f7853a96f601e0fe65c

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          3KB

                                                          MD5

                                                          04aac59261c7dc7c53b06114ba556193

                                                          SHA1

                                                          7f1f7cd403d67b60b78c468020dd46c2fdf5e4b4

                                                          SHA256

                                                          8fbe8d796cb11cdc994ccbaf35087f044eb195a4509f3c0c544eac5edfa1871b

                                                          SHA512

                                                          57a96229b37dfe5f9822c9033bbdee454ed48adb0998b42f9205c33c2fce68f91d59e535503b8093e0cc0eeace09f6f70d9ecb90f71cc560ec6d17d33ed80994

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          480B

                                                          MD5

                                                          a195bf4048d498940c89debce0eced29

                                                          SHA1

                                                          91aa973239bd648674e64ee20db5ed3feb6b4913

                                                          SHA256

                                                          39f6e642dde14c5078d8284ee387f749406bd2df4da84b331f52aa0a7830c9e3

                                                          SHA512

                                                          e2cb1184e716f037a349f94cc25a9ec8a17b87f2f689bc558e926e9ad6415a2d5af2dba042932620052e15ea311953616fccd653c956f7d6f92fbfa1711fb2c8

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          536B

                                                          MD5

                                                          2cc237ae133a84071169ad6b066368dc

                                                          SHA1

                                                          a41e48d430d2511b05623d0d8daa7cd5e7e13dd0

                                                          SHA256

                                                          8174f92885566c525e282172c5e7746282e9c3ce7d1eb2dc9d5be8b1240fcb1f

                                                          SHA512

                                                          999f1387c76df68a009a527b858a711173d366fcba430d05bdce8fca3d21cb874f12cadd3074702465087ab29d1da22366275b1464abe0f561e25d7a04914429

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          774104d70427242838109fef08a2b25d

                                                          SHA1

                                                          cc72a688bb53385d44a193d3d946618d9be6ef15

                                                          SHA256

                                                          0551614414d3e8394ba7a0f3c575aa9c9dd7e94dadf5ca6ad97e56aecec9c964

                                                          SHA512

                                                          926f7abde3c6b687315713e127612cc5e3e4c983c93a13ac7ca4061a4be98bfe5d036b1b0c4b2e419559a8bb562cfd3c908ff2f37019eb3b0a17657e7a3ea3b2

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          7KB

                                                          MD5

                                                          a24cd3e786584c2b5b54dce3640049e7

                                                          SHA1

                                                          a3d2aab80f496a21d67515ee329a2cd1dd2ce6f8

                                                          SHA256

                                                          cb7964f61953a0085c44b6618b3b0426a7a94100bbf438692c8f68f05d655f96

                                                          SHA512

                                                          f9756786513c79c07f00740f8a48af1bcd33571f940db6a71be1fffd5bf244bd1b7061c662f90e44c3d8fc243bd3c12338c8a5e30127681d78e9263005349443

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          7KB

                                                          MD5

                                                          24f1dc027e144050444cff91747bfdbb

                                                          SHA1

                                                          cbdb07313bc1f7bd9a0db4f03ec7161002aa6659

                                                          SHA256

                                                          6c9d1f38a9c4ce51f29737fd824f6c76f04ef3a93be3ced06a2f11a9c53e4f75

                                                          SHA512

                                                          fea98c0ac965e15d121ce7687ce734bc7841039115b18add4a7d17ec5cc088f1391ef0efb99bae7eb94a8b05c29102989b3cc34b6b27ae82f95a3f53190a7bdf

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          0cbdd3f0ef4086d3d626988c22054707

                                                          SHA1

                                                          82ed8ae84a881c50c3956dca6782c0d05d444e0d

                                                          SHA256

                                                          12abe98334b62dc9cade4013acdf6fb8a9c684a847cbd8463bcff87999ed3b68

                                                          SHA512

                                                          9370609d4141400ec6105534b05b1bee1b871282daf255a6ed570fc7827706a5ed88e1908b8c5e08e967bf35cd5e50823e1b267ec1a179717c07cbf4fd5ee2e3

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          3c0e629924e50384d25456f44b9c5a4e

                                                          SHA1

                                                          ecd041e4ad7d3fc8e76126bbf2b65263a6e88bd9

                                                          SHA256

                                                          fd762478d836f1bda9a2f6b3902ed4cd6daed54a8f491ecb8edb6965c4494434

                                                          SHA512

                                                          015648934014e7535272e56e922d2fab346cb2476d49fad6985bb675a93835a463709dbafb737700ef4419b29372eb246abec3eea6ffe0aaaf706632ceeb5825

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          7KB

                                                          MD5

                                                          3ec4357a2c86fa9ff830662ae9bd2668

                                                          SHA1

                                                          514345473fe32ff9dacf3476c29cf2dca0314ccd

                                                          SHA256

                                                          220851ef6a083f02bb03779726e8d2847a9cbfe46cdbda3f4b25c2c85716ba26

                                                          SHA512

                                                          af74d49db93102467d9c2420b9040a1d51dc563220d908b81fcf4132bc60f4664fea4f46562c226aa6fbb56a505d8d6b58f3e7a21e2c60ee5bfaf302d9a1f1de

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          872B

                                                          MD5

                                                          b917f0d579123ecf4b75f89e846efa5d

                                                          SHA1

                                                          751ca1a648dd50ac57bba1f1aa0549f9457750e1

                                                          SHA256

                                                          7ae329389e34dfc8f705c2a8c6cf5dcc10759d26a2bb38cb87dc503cd2caf0ed

                                                          SHA512

                                                          114268e08a63ebfd658e9b01410a6249e9f433b25d4c6e233a9e8d5cf86591dfbd4ddf757f599640b3160d4194a102df686a1e3f5a1e17473b6d4d49c279a3eb

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          8f01b7d3008d73f3f54f4f54632c5896

                                                          SHA1

                                                          94311bdcb575a6c2671d96242975a844c9e9600a

                                                          SHA256

                                                          550f733e5c3f40fe670d7ee44bfc043499163cc9d36fe2b6dbb9bef60f1f6922

                                                          SHA512

                                                          699b8d831b37a4b989337faefbe9d88e49c96fa35fc553958ee2682ebf5272e5e43ded390efc1fc9584e94c46710753926fd40f898471468a4982fc921bc3623

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          347db49bd9c13d5b6ea041aa7be0e368

                                                          SHA1

                                                          5a3f6c5f597b2a5dc15d77d32e4837487d313530

                                                          SHA256

                                                          235e125463a73298a08b0d565892e937602a11048461c37faa90c6f2fbb6ecb8

                                                          SHA512

                                                          3f71cc8dfe5801847e334c874ab96ca3a6bc95dd2f722b074e60b8a1612ddfa142ae8ade8f7401637d6d68407f53fca4159e762d6a2264fb6d2abf7ae5adfc01

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          8e2fff2324dcd07969e1754134b17970

                                                          SHA1

                                                          630ed82a041c9b3359a648fa0bbcc23093a0b1a0

                                                          SHA256

                                                          13c96a94a2b3e9d21c14f2bfd7d4eacd83216e83fdfbedf3d5ed9619a49f168c

                                                          SHA512

                                                          db9c38403fb7900f389a8dff8d2c513a0ae6b347da92c998872d1ae458866e1fd1603ab4c66c6afd09d37a5f4c909700b5790d96b91e6f261f175163b872da57

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          71448bf6f16c904f87f873f306ba60fa

                                                          SHA1

                                                          9e3cf9e4e6f94ce53728e8bf3f980a4b0283131a

                                                          SHA256

                                                          8a1c357ca53f76a6ea8c94c6b0e3651b4b48cffcc9824f64add56a8c42a2bc48

                                                          SHA512

                                                          6d1ebd22cad18fc2c6cb696ba7a0a9c6f82512c78fe503c3c5954d8cf4c05ef1f25348437225855f82f518a4d3cc2ca237279fa2e53f7c85d8a0386012f53ea2

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593241.TMP
                                                          Filesize

                                                          370B

                                                          MD5

                                                          f175d912ea4f36626677bb2035ac76af

                                                          SHA1

                                                          90125db26d42dfbece723c9fd89fc606b38a1ece

                                                          SHA256

                                                          c68e0e381e92cdb784819d07cfdeb3a0b1f084d1ff5f084d105093a1ba1571a0

                                                          SHA512

                                                          4daa6b564a4fc80d015e1c41843324078e3cc28a8d10a60153fbb11ccc1ad22a43018397e12954732e11490e7830e23ba6259cd6036045c2749183910b8d758e

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          46295cac801e5d4857d09837238a6394

                                                          SHA1

                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                          SHA256

                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                          SHA512

                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          206702161f94c5cd39fadd03f4014d98

                                                          SHA1

                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                          SHA256

                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                          SHA512

                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          80709f94392b213f129c8fb90bc9f3eb

                                                          SHA1

                                                          9fb5eb6ab73e06ed3723100340cbdb9a7d26bb83

                                                          SHA256

                                                          318b58b5b89c225ce972c2017262857fead82308d334eeaacd65cd24f2f99d39

                                                          SHA512

                                                          4de1dab1cdf77e2b7fc20247e51a190015fcb8f792411a0ba043be876e1fb23370a99c7532bfcd22c47201e9a4e73c57bc6dca76b81f9e99745a7f39f3222988

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          10KB

                                                          MD5

                                                          87cbe8a12150073a8c551a65dfdcdd76

                                                          SHA1

                                                          9b658017cb4b0f7856e6314e2b93b587f0d92e5e

                                                          SHA256

                                                          eb909d7839fab555da8b756a3b1bbac5747c0a79d0729230609bb59a39e251fa

                                                          SHA512

                                                          e59ae1a5b744fa747dd2994053d39d7f0973b41ae4cf925f8502cf9f3a9e6c4e2ad15605358b7baa5ce7a84aaa7995ae6f1040fed077ece7fce07c170c124014

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          4e1c1be8f5f7c1d15a98c364c9c91a72

                                                          SHA1

                                                          e8b267b03563d3fdf6bed4db30c82172631b77d2

                                                          SHA256

                                                          1692f94530020e2f0585591d027af732eb367a8727ca7f1c0bfe34e3a8bf615b

                                                          SHA512

                                                          f765b16633cf24adf4bd583d8d509bc833bd662cc176d3402fdf4caca662b4adb921b2f76338ab830338217246d2052e0063f1d5ef71b51c14b7d4091136b27c

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\Delta V3.61\Delta.exe
                                                          Filesize

                                                          17.0MB

                                                          MD5

                                                          774ffee84d8e760761b8819edd2bc252

                                                          SHA1

                                                          74ff2bcc3baf64790181b97dc09ab951d9440379

                                                          SHA256

                                                          3c2cbcfb0dc0b92e1a0f15e725a1f8c4756a990e298098d94087cdd3fd491758

                                                          SHA512

                                                          935624fdaa9ae57d4515a456a9383c20240988848046fcab69948450413e573167c0f17a456f0f5120ec13e3215759ad11c4857873900606116c3e495dd69650

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\Delta V3.61\ICSharpCode.AvalonEdit.dll
                                                          Filesize

                                                          598KB

                                                          MD5

                                                          b6142f182a86adf382ea845935a327bc

                                                          SHA1

                                                          841367a389b4df1207224a26f9e201e593d551d1

                                                          SHA256

                                                          7225253a9ca59db879340f9ea8ee4f48006ceadf878d04b446522007fbe3ebb3

                                                          SHA512

                                                          a5e4941409b4b06fdf44ec5ebfb5d99cec47b1f348e266e7dc20254e5465deb1abf60d67092b5aa1bd14f52d637b52b380382f838d601b0f3734ea5a406fb068

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\Delta V3.61\Newtonsoft.Json.dll
                                                          Filesize

                                                          685KB

                                                          MD5

                                                          081d9558bbb7adce142da153b2d5577a

                                                          SHA1

                                                          7d0ad03fbda1c24f883116b940717e596073ae96

                                                          SHA256

                                                          b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

                                                          SHA512

                                                          2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\Delta V3.61\bin\lua.xshd
                                                          Filesize

                                                          3KB

                                                          MD5

                                                          e2b537e027b3251fb82e213739e66376

                                                          SHA1

                                                          e47888a238dcf90097ecd3c8860b0f9b02ded0e3

                                                          SHA256

                                                          5c508701141f851aeb0ad9088759f7da15bc33f9e7459ea8c8d4e1ec7b4eaa60

                                                          SHA512

                                                          1e347301cdc75933d709eddeace7cc9d62a7e9685f5badde3e1ec6f3cdbb37bbb8b95c23632e11b283e0464ab4c84e79c644660a1f0c09f51729e30571555f7e

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\Delta V3.61\bin\modules.json
                                                          Filesize

                                                          639B

                                                          MD5

                                                          87b829dbc0f63d72bff5664fa2177dd9

                                                          SHA1

                                                          aaee2d27a5a0290af3f14a8a20a84667aff498fc

                                                          SHA256

                                                          df98a2a55cd20d372e43356f931a1bd5aad946b44e92f407405e9ac65539458e

                                                          SHA512

                                                          e827da6e7e4d85e328b51a2b2c1ed4db7b0b453a5cdca066b210b58c0c8d9c912e90324f45a3682450a4ee2519806eb5295226acd7ec7d40e952ce061f350318

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\Delta V3.61\bin\vers.txt
                                                          Filesize

                                                          5B

                                                          MD5

                                                          8ec516f474a8e25c087b7046e5ce5fa5

                                                          SHA1

                                                          47e4e5e5db6430b04cc2b2047c0059540c03075a

                                                          SHA256

                                                          9ef2074444610f6b60ee6c9bc840ae83b0dcf1669ce282abf7aecb74d2dfc8b3

                                                          SHA512

                                                          e26db8507f89eaf5c689174dd30d2b02e26a120370217a058e28602ce1c92b3469174a98396f37526b44c3d3be7744ec189f2f32e4930d758c765962f5aff0f1

                                                          Download Submit

                                                        • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                          Filesize

                                                          6.7MB

                                                          MD5

                                                          7203cce6d4862929a7e29350acfc01a9

                                                          SHA1

                                                          3f24c3fe84bbe6d446bc96f1f000347517e46541

                                                          SHA256

                                                          874b8d538afd95fec999ba0e9151aaad9a8377929cc190d8a41ac3965461bf91

                                                          SHA512

                                                          e84419e12340f864b0f067cdd3edb7fc2de6e4a0386e9b135d6c5cc754462e0f59c077d812867abb5cac4ff2b314994611737440c86b2497fd4328c176eaea91

                                                          Download Submit

                                                        • memory/3024-989-0x0000000000AE0000-0x0000000000B15000-memory.dmp

                                                          Filesize

                                                          212KB

                                                          Download

                                                        • memory/3024-925-0x000000006BA40000-0x000000006BC50000-memory.dmp

                                                          Filesize

                                                          2.1MB

                                                          Download

                                                        • memory/3024-899-0x000000006BA40000-0x000000006BC50000-memory.dmp

                                                          Filesize

                                                          2.1MB

                                                          Download

                                                        • memory/3024-898-0x0000000000AE0000-0x0000000000B15000-memory.dmp

                                                          Filesize

                                                          212KB

                                                          Download

                                                        • memory/3092-1014-0x00007FFBB5CC0000-0x00007FFBB5CD0000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1004-0x00007FFBB6AF0000-0x00007FFBB6B00000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1028-0x00007FFBB6D70000-0x00007FFBB6D80000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1029-0x00007FFBB6D90000-0x00007FFBB6D9B000-memory.dmp

                                                          Filesize

                                                          44KB

                                                          Download

                                                        • memory/3092-1030-0x00007FFBB6D90000-0x00007FFBB6D9B000-memory.dmp

                                                          Filesize

                                                          44KB

                                                          Download

                                                        • memory/3092-1031-0x00007FFBB6D90000-0x00007FFBB6D9B000-memory.dmp

                                                          Filesize

                                                          44KB

                                                          Download

                                                        • memory/3092-1032-0x00007FFBB6D90000-0x00007FFBB6D9B000-memory.dmp

                                                          Filesize

                                                          44KB

                                                          Download

                                                        • memory/3092-1027-0x00007FFBB6D70000-0x00007FFBB6D80000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1021-0x00007FFBB5F60000-0x00007FFBB5F70000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1022-0x00007FFBB6010000-0x00007FFBB601E000-memory.dmp

                                                          Filesize

                                                          56KB

                                                          Download

                                                        • memory/3092-1023-0x00007FFBB6010000-0x00007FFBB601E000-memory.dmp

                                                          Filesize

                                                          56KB

                                                          Download

                                                        • memory/3092-1024-0x00007FFBB6010000-0x00007FFBB601E000-memory.dmp

                                                          Filesize

                                                          56KB

                                                          Download

                                                        • memory/3092-992-0x00007FFBB7E30000-0x00007FFBB7E40000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-996-0x00007FFBB7F90000-0x00007FFBB7FC0000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-1001-0x00007FFBB8020000-0x00007FFBB8025000-memory.dmp

                                                          Filesize

                                                          20KB

                                                          Download

                                                        • memory/3092-1000-0x00007FFBB7F90000-0x00007FFBB7FC0000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-999-0x00007FFBB7F90000-0x00007FFBB7FC0000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-998-0x00007FFBB7F90000-0x00007FFBB7FC0000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-997-0x00007FFBB7F90000-0x00007FFBB7FC0000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-995-0x00007FFBB7F40000-0x00007FFBB7F50000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-994-0x00007FFBB7F40000-0x00007FFBB7F50000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-993-0x00007FFBB7E30000-0x00007FFBB7E40000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1002-0x00007FFBB6A60000-0x00007FFBB6A70000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1010-0x00007FFBB6B10000-0x00007FFBB6B20000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1009-0x00007FFBB6B10000-0x00007FFBB6B20000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1008-0x00007FFBB6B10000-0x00007FFBB6B20000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1007-0x00007FFBB6B10000-0x00007FFBB6B20000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1006-0x00007FFBB6B10000-0x00007FFBB6B20000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1005-0x00007FFBB6AF0000-0x00007FFBB6B00000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1025-0x00007FFBB6010000-0x00007FFBB601E000-memory.dmp

                                                          Filesize

                                                          56KB

                                                          Download

                                                        • memory/3092-1003-0x00007FFBB6A60000-0x00007FFBB6A70000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1016-0x00007FFBB5E30000-0x00007FFBB5E60000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-1019-0x00007FFBB5E30000-0x00007FFBB5E60000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-1018-0x00007FFBB5E30000-0x00007FFBB5E60000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-1017-0x00007FFBB5E30000-0x00007FFBB5E60000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-1015-0x00007FFBB5E30000-0x00007FFBB5E60000-memory.dmp

                                                          Filesize

                                                          192KB

                                                          Download

                                                        • memory/3092-1026-0x00007FFBB6010000-0x00007FFBB601E000-memory.dmp

                                                          Filesize

                                                          56KB

                                                          Download

                                                        • memory/3092-1013-0x00007FFBB5CC0000-0x00007FFBB5CD0000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1011-0x00007FFBB5BB0000-0x00007FFBB5BC0000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1012-0x00007FFBB5BB0000-0x00007FFBB5BC0000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3092-1020-0x00007FFBB5F60000-0x00007FFBB5F70000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3484-38-0x0000000006F90000-0x00000000072E4000-memory.dmp

                                                          Filesize

                                                          3.3MB

                                                          Download

                                                        • memory/3484-44-0x000000000C0E0000-0x000000000C0E8000-memory.dmp

                                                          Filesize

                                                          32KB

                                                          Download

                                                        • memory/3484-57-0x00000000102E0000-0x0000000010372000-memory.dmp

                                                          Filesize

                                                          584KB

                                                          Download

                                                        • memory/3484-25-0x00000000063B0000-0x00000000063B8000-memory.dmp

                                                          Filesize

                                                          32KB

                                                          Download

                                                        • memory/3484-36-0x0000000006AE0000-0x0000000006AFE000-memory.dmp

                                                          Filesize

                                                          120KB

                                                          Download

                                                        • memory/3484-26-0x0000000006400000-0x0000000006438000-memory.dmp

                                                          Filesize

                                                          224KB

                                                          Download

                                                        • memory/3484-42-0x0000000007400000-0x000000000749C000-memory.dmp

                                                          Filesize

                                                          624KB

                                                          Download

                                                        • memory/3484-35-0x0000000006A10000-0x0000000006A32000-memory.dmp

                                                          Filesize

                                                          136KB

                                                          Download

                                                        • memory/3484-56-0x0000000010A70000-0x0000000011014000-memory.dmp

                                                          Filesize

                                                          5.6MB

                                                          Download

                                                        • memory/3484-32-0x0000000006A60000-0x0000000006AD6000-memory.dmp

                                                          Filesize

                                                          472KB

                                                          Download

                                                        • memory/3484-27-0x00000000063C0000-0x00000000063CE000-memory.dmp

                                                          Filesize

                                                          56KB

                                                          Download

                                                        • memory/3484-31-0x00000000065F0000-0x00000000066A0000-memory.dmp

                                                          Filesize

                                                          704KB

                                                          Download

                                                        • memory/3484-140-0x00000000752DE000-0x00000000752DF000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/3484-173-0x00000000752D0000-0x0000000075A80000-memory.dmp

                                                          Filesize

                                                          7.7MB

                                                          Download

                                                        • memory/3484-24-0x00000000752D0000-0x0000000075A80000-memory.dmp

                                                          Filesize

                                                          7.7MB

                                                          Download

                                                        • memory/3484-23-0x00000000005A0000-0x00000000016A6000-memory.dmp

                                                          Filesize

                                                          17.0MB

                                                          Download

                                                        • memory/3484-22-0x00000000752DE000-0x00000000752DF000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download