Overview

overview

8

Static

static

1

oil-show-m...1.html

windows10-ltsc 2021-x64

8

Analysis

  • max time kernel
    1791s
  • max time network
    1430s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    18-11-2024 16:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    oil-show-machine-smooth-flow-gif-17354251.html

  • Size

    73KB

  • MD5

    f21d48811983854afd4649995aac443b

  • SHA1

    5e68a6d163e95284ab786efc457049ac9bcb543c

  • SHA256

    25992e276415f94cdf2efa9ec2e8fd60a2e10d1e86fb07951233c7681f9f6b5c

  • SHA512

    1729ac9d88c573c0178dce5a1b5bad8501c2ea10302ce141fdf4ae04161721b8a157060e83646079d9190eba100b1c94a43f27f12cd9058810be12131b6d4b6b

  • SSDEEP

    1536:r/YngD3oGQXBjokQV4PFDnjXuvjpRf3J+ce0iac:ryY4FvXuvjpRf3J+cVc

Score
8/10
adwarediscoveryevasionpersistencephishingprivilege_escalationstealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 40 IoCs
  • Loads dropped DLL 36 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Checks system information in the registry 2 TTPs 24 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Probable phishing domain 1 TTPs 1 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 21 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 38 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 29 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\oil-show-machine-smooth-flow-gif-17354251.html
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbf5e046f8,0x7ffbf5e04708,0x7ffbf5e04718
      2⤵
        PID:824
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        2⤵
          PID:4056
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4216
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
          2⤵
            PID:3980
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
            2⤵
              PID:4888
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
              2⤵
                PID:2352
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                2⤵
                  PID:2396
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
                  2⤵
                    PID:3144
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                    2⤵
                      PID:1816
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6c9cc5460,0x7ff6c9cc5470,0x7ff6c9cc5480
                        3⤵
                          PID:3608
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4704
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
                        2⤵
                          PID:3416
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
                          2⤵
                            PID:4272
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
                            2⤵
                              PID:1732
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                              2⤵
                                PID:4680
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
                                2⤵
                                  PID:1800
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                                  2⤵
                                    PID:524
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
                                    2⤵
                                      PID:1416
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
                                      2⤵
                                        PID:2088
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
                                        2⤵
                                          PID:3588
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
                                          2⤵
                                            PID:3504
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
                                            2⤵
                                              PID:4568
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                                              2⤵
                                                PID:2460
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3708 /prefetch:8
                                                2⤵
                                                  PID:4500
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                                                  2⤵
                                                    PID:1084
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6580 /prefetch:8
                                                    2⤵
                                                      PID:3508
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
                                                      2⤵
                                                        PID:2060
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                                                        2⤵
                                                          PID:5088
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
                                                          2⤵
                                                            PID:3416
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:2888
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
                                                            2⤵
                                                              PID:5136
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
                                                              2⤵
                                                                PID:5344
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
                                                                2⤵
                                                                  PID:5436
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
                                                                  2⤵
                                                                    PID:5528
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
                                                                    2⤵
                                                                      PID:5660
                                                                    • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                      "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Checks whether UAC is enabled
                                                                      • Drops file in Program Files directory
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Enumerates system info in registry
                                                                      • Modifies Internet Explorer settings
                                                                      • Modifies registry class
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:5800
                                                                      • C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                        MicrosoftEdgeWebview2Setup.exe /silent /install
                                                                        3⤵
                                                                        • Executes dropped EXE
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:2280
                                                                        • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\MicrosoftEdgeUpdate.exe
                                                                          "C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                          4⤵
                                                                          • Event Triggered Execution: Image File Execution Options Injection
                                                                          • Checks computer location settings
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Checks system information in the registry
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:4840
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:5488
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Modifies registry class
                                                                            PID:5516
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                              6⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Modifies registry class
                                                                              PID:5744
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                              6⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Modifies registry class
                                                                              PID:5144
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                              6⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Modifies registry class
                                                                              PID:4972
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUE0NEYxMTUtMDc4QS00NTIxLUE2NzctNjY1QTRGQjA3ODlEfSIgdXNlcmlkPSJ7Rjk0QzlGM0QtMzdBMy00NDMxLUFFQTctMjM5NUVEMzRDQzlFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2RkVCNzk4Mi1CNjIyLTQxMTYtQjQwMy0zNEEzRkIzNzA2Q0N9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQ3LjM3IiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzQ0MzcxMjM2OCIgaW5zdGFsbF90aW1lX21zPSI1MjYiLz48L2FwcD48L3JlcXVlc3Q-
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • Checks system information in the registry
                                                                            • System Location Discovery: System Language Discovery
                                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                                            PID:2288
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{9A44F115-078A-4521-A677-665A4FB0789D}" /silent
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:240
                                                                      • C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe
                                                                        "C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 5800
                                                                        3⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of UnmapMainImage
                                                                        PID:4788
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
                                                                      2⤵
                                                                        PID:5748
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
                                                                        2⤵
                                                                          PID:1676
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
                                                                          2⤵
                                                                            PID:5960
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
                                                                            2⤵
                                                                              PID:5972
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
                                                                              2⤵
                                                                                PID:980
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
                                                                                2⤵
                                                                                  PID:5720
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
                                                                                  2⤵
                                                                                    PID:3812
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                                                                                    2⤵
                                                                                      PID:3676
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
                                                                                      2⤵
                                                                                        PID:5956
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7544 /prefetch:8
                                                                                        2⤵
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        PID:5480
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17864328994520733884,4337482183350140655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6180 /prefetch:2
                                                                                        2⤵
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        PID:5300
                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                      1⤵
                                                                                        PID:324
                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                        1⤵
                                                                                          PID:4308
                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                          1⤵
                                                                                            PID:6116
                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • Checks system information in the registry
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Modifies data under HKEY_USERS
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:6088
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUE0NEYxMTUtMDc4QS00NTIxLUE2NzctNjY1QTRGQjA3ODlEfSIgdXNlcmlkPSJ7Rjk0QzlGM0QtMzdBMy00NDMxLUFFQTctMjM5NUVEMzRDQzlFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGQkVERjI2OS1FRTEwLTQ1NDEtODM4OS03RUIwQTU1NUVERDJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzQ0OTUzMjM3NyIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Checks system information in the registry
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                                              PID:6116
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A48D5C6A-AFBB-4171-812D-08EE8FF152B3}\MicrosoftEdge_X64_131.0.2903.51.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A48D5C6A-AFBB-4171-812D-08EE8FF152B3}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:884
                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A48D5C6A-AFBB-4171-812D-08EE8FF152B3}\EDGEMITMP_767C7.tmp\setup.exe
                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A48D5C6A-AFBB-4171-812D-08EE8FF152B3}\EDGEMITMP_767C7.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A48D5C6A-AFBB-4171-812D-08EE8FF152B3}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                3⤵
                                                                                                • Checks computer location settings
                                                                                                • Executes dropped EXE
                                                                                                • Drops file in Program Files directory
                                                                                                • Drops file in Windows directory
                                                                                                PID:5652
                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A48D5C6A-AFBB-4171-812D-08EE8FF152B3}\EDGEMITMP_767C7.tmp\setup.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A48D5C6A-AFBB-4171-812D-08EE8FF152B3}\EDGEMITMP_767C7.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A48D5C6A-AFBB-4171-812D-08EE8FF152B3}\EDGEMITMP_767C7.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x178,0x184,0x180,0x1a0,0x1a4,0x7ff75f1d2918,0x7ff75f1d2924,0x7ff75f1d2930
                                                                                                  4⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Drops file in Windows directory
                                                                                                  PID:1248
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUE0NEYxMTUtMDc4QS00NTIxLUE2NzctNjY1QTRGQjA3ODlEfSIgdXNlcmlkPSJ7Rjk0QzlGM0QtMzdBMy00NDMxLUFFQTctMjM5NUVEMzRDQzlFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEN0Q0ODJCRS00MEUxLTQ3NjUtOUU3RC0wQjAwN0Q0N0RDQjd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4wLjI5MDMuNTEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0OTA5NjIxNjUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NDkxMDYyNjY1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2NTgzODIyODUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzI2ZDM5ZjliLTAyZTEtNGUyNy04NGUyLWI1NGIyNGRjNjgzZT9QMT0xNzMyNTUzODQ0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUZGamlSUXk3eE5wTjBMbVFYODduY0JBeEhTWGh1dndIbkgwbEpXRmk2YiUyZnloJTJmQ3JDdnZCM3ljTHo4TmdIdGJ2eGslMmI1SkhxWjlXVmhmQW40WkY0b3hRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc2NjA3ODI0IiB0b3RhbD0iMTc2NjA3ODI0IiBkb3dubG9hZF90aW1lX21zPSIzMDkzNjkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDY1ODU5MjQ4NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjc3MDAyNTExIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTMzMDc5MjM1NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjIxNzMiIGRvd25sb2FkX3RpbWVfbXM9IjMxNjc0NCIgZG93bmxvYWRlZD0iMTc2NjA3ODI0IiB0b3RhbD0iMTc2NjA3ODI0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2NTM3NiIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Checks system information in the registry
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                                              PID:2740
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E549D29-D4DB-4C7B-B866-6481D3A8EE9B}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E549D29-D4DB-4C7B-B866-6481D3A8EE9B}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe" /update /sessionid "{443022AE-3F6D-47B1-9C50-909205611B3E}"
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Drops file in Program Files directory
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              PID:3248
                                                                                              • C:\Program Files (x86)\Microsoft\Temp\EUC468.tmp\MicrosoftEdgeUpdate.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Temp\EUC468.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{443022AE-3F6D-47B1-9C50-909205611B3E}"
                                                                                                3⤵
                                                                                                • Event Triggered Execution: Image File Execution Options Injection
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Checks system information in the registry
                                                                                                • System Location Discovery: System Language Discovery
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:4572
                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                  4⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • Modifies registry class
                                                                                                  PID:1132
                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                  4⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • Modifies registry class
                                                                                                  PID:5928
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                    5⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Modifies registry class
                                                                                                    PID:5924
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                    5⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Modifies registry class
                                                                                                    PID:1636
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                    5⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Modifies registry class
                                                                                                    PID:5904
                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDQzMDIyQUUtM0Y2RC00N0IxLTlDNTAtOTA5MjA1NjExQjNFfSIgdXNlcmlkPSJ7Rjk0QzlGM0QtMzdBMy00NDMxLUFFQTctMjM5NUVEMzRDQzlFfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7Mzg3NjYzOEEtNzk0RS00QkE0LTkwNjEtMEE2QTZFQTk0RTg1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczMTk0OTAzOCI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE0NTk3NDI2NDQiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                  4⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  • Checks system information in the registry
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                  PID:3504
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDQzMDIyQUUtM0Y2RC00N0IxLTlDNTAtOTA5MjA1NjExQjNFfSIgdXNlcmlkPSJ7Rjk0QzlGM0QtMzdBMy00NDMxLUFFQTctMjM5NUVEMzRDQzlFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGMTEyMEY4MS1BMzA1LTQ2MEUtOEI4MC1GMjRCNjU5QUQxQ0N9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjM1IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2MjUxNzIzOTMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2MjUyNjI0NzMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNDI3NjcyMzgxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNjhkNTc3YTAtMWY0YS00MzRmLWJkY2UtMTQ4ZWRjMWU0YTQwP1AxPTE3MzI1NTQxNTgmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9R1lKMHlWMVptcE9sZTdTaGg0d2JpUmFieFNoJTJiOXU5ZkpGaDhleWVTNUVLV1dFR1RYRXhxdHdSNVIyUTBXTkdobFlMbDNQR2lCZ0tJdGNTZUZVTnZndyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSI3Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNDI3NzA3MDAzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy82OGQ1NzdhMC0xZjRhLTQzNGYtYmRjZS0xNDhlZGMxZTRhNDA_UDE9MTczMjU1NDE1OCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1HWUoweVYxWm1wT2xlN1NoaDR3YmlSYWJ4U2glMmI5dTlmSkZoOGV5ZVM1RUtXV0VHVFhFeHF0d1I1UjJRMFdOR2hsWUxsM1BHaUJnS0l0Y1NlRlVOdmd3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzNTkyMCIgdG90YWw9IjE2MzU5MjAiIGRvd25sb2FkX3RpbWVfbXM9IjgwMTE2Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNDI3NzUyNTE2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNDMzMDUyNDg1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iMjYiIHJkPSI2NTA1IiBwaW5nX2ZyZXNobmVzcz0iezBFNjk1RUE3LTg4MEYtNEQzOC1CNkEzLTA4MjJBNEZERTVFN30iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzY0MjIzNjM0MDMzMDgwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iMjYiIHI9IjI2IiBhZD0iNjUwNSIgcmQ9IjY1MDUiIHBpbmdfZnJlc2huZXNzPSJ7NUY2OUY1OTktQkNCNC00Nzg0LTlCNzUtRkM0REQ5MDA4RTk4fSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Checks system information in the registry
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                                              PID:1556
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                            1⤵
                                                                                            • Drops file in Windows directory
                                                                                            • Enumerates system info in registry
                                                                                            • Modifies data under HKEY_USERS
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            • Suspicious use of SendNotifyMessage
                                                                                            PID:4260
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffbf5b3cc40,0x7ffbf5b3cc4c,0x7ffbf5b3cc58
                                                                                              2⤵
                                                                                                PID:2184
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1904 /prefetch:2
                                                                                                2⤵
                                                                                                  PID:2880
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2136 /prefetch:3
                                                                                                  2⤵
                                                                                                    PID:5868
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2488 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:5460
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3148 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:4700
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3320 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:2380
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4572 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:1636
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3692,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4636 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:2016
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4800 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:216
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4788 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:5468
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4400,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5048 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:372
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4908 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:2012
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,11534770364141968564,6733176876901934684,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5128 /prefetch:8
                                                                                                                      2⤵
                                                                                                                        PID:5592
                                                                                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                      1⤵
                                                                                                                        PID:1412
                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                        1⤵
                                                                                                                          PID:2868
                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                          C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                                          1⤵
                                                                                                                            PID:5396
                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                                            1⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Loads dropped DLL
                                                                                                                            • Checks system information in the registry
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            PID:4204
                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                                            1⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Loads dropped DLL
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            PID:4544
                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                            1⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Loads dropped DLL
                                                                                                                            • Checks system information in the registry
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Modifies data under HKEY_USERS
                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            PID:3956
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0ZEQTgxOTYtNUMxMy00RTVELUIzQkYtNUUwMjkyNjEzRDU2fSIgdXNlcmlkPSJ7Rjk0QzlGM0QtMzdBMy00NDMxLUFFQTctMjM5NUVEMzRDQzlFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RUMxNjZEOTktMjc0Mi00REI1LTlFN0YtMjU3ODhDMjhGQjZEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtkbDR4SjNjSlNUTUR1bjNKZEwvNFp4RzlqSkxCbkNWditzTGZIVjZ1U1k0PSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjYiIGluc3RhbGxkYXRldGltZT0iMTcyOTY5MzkyNSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzc0MTY2NjMxMDk3MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NzExNDM2MDA4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                              2⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              • Checks system information in the registry
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                              PID:2788
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\MicrosoftEdge_X64_131.0.2903.51.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                                              2⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              PID:1412
                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                                                                                3⤵
                                                                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Installs/modifies Browser Helper Object
                                                                                                                                • Drops file in Program Files directory
                                                                                                                                • Drops file in Windows directory
                                                                                                                                • Modifies Internet Explorer settings
                                                                                                                                • Modifies registry class
                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                • System policy modification
                                                                                                                                PID:1752
                                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x7ff6ade82918,0x7ff6ade82924,0x7ff6ade82930
                                                                                                                                  4⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Drops file in Windows directory
                                                                                                                                  PID:5980
                                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                                                                                                  4⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Drops file in System32 directory
                                                                                                                                  • Drops file in Windows directory
                                                                                                                                  • Modifies data under HKEY_USERS
                                                                                                                                  PID:3948
                                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6ade82918,0x7ff6ade82924,0x7ff6ade82930
                                                                                                                                    5⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Drops file in Windows directory
                                                                                                                                    PID:3332
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                                                                                                                  4⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Drops file in Windows directory
                                                                                                                                  PID:2512
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7152d2918,0x7ff7152d2924,0x7ff7152d2930
                                                                                                                                    5⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Drops file in Windows directory
                                                                                                                                    PID:2488
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                                                                                                                                  4⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Drops file in Windows directory
                                                                                                                                  PID:1776
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.51\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7152d2918,0x7ff7152d2924,0x7ff7152d2930
                                                                                                                                    5⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Drops file in Windows directory
                                                                                                                                    PID:1068
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0ZEQTgxOTYtNUMxMy00RTVELUIzQkYtNUUwMjkyNjEzRDU2fSIgdXNlcmlkPSJ7Rjk0QzlGM0QtMzdBMy00NDMxLUFFQTctMjM5NUVEMzRDQzlFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins5RTBCMzQxRC01NDJBLTQ0QTctQUJGQi04MzFGNjZBOUJCMEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuMzUiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iSXNPbkludGVydmFsQ29tbWFuZHNBbGxvd2VkPSU1QiUyMi10YXJnZXRfZGV2JTIwLW1pbl9icm93c2VyX3ZlcnNpb25fY2FuYXJ5X2RldiUyMDEzMS4wLjI4NzEuMCUyMiU1RCIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC45MyI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjUzMSIgcGluZ19mcmVzaG5lc3M9InswRkVBQkFFMS01NEZELTQxOEItQjU1RC01MjQwRjg4QkM5NzZ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy41MSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzY0MjIzNjM0MDMzMDgwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDc2OTg3MzQ5NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDc3MDAyOTc5NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDgwNTgxMTgwOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDgyMjIyMzY3NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTUzNTE1OTI4MTgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzNTc4IiBkb3dubG9hZGVkPSIxNzY2MDc4MjQiIHRvdGFsPSIxNzY2MDc4MjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjUyOTIyIi8-PHBpbmcgYWN0aXZlPSIwIiByZD0iNjUzMSIgcGluZ19mcmVzaG5lc3M9Ins1MkU0NzUyQi02OUZFLTREQUMtOEJDMi1DRkFEMjk5MEJFNEF9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMS4wLjI5MDMuNTEiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjUzMSIgY29ob3J0PSJycmZAMC44OSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0ZDRDREMjFDLUI2MEUtNDYyRS1CMEM3LTgwRTBDREIxRjg1NX0iLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                                              2⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              • Checks system information in the registry
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                              PID:2060

                                                                                                                          Network

                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                          Reconnaissance

                                                                                                                          Resource Development

                                                                                                                          Initial Access

                                                                                                                          Phishing

                                                                                                                          1
                                                                                                                          T1566

                                                                                                                          Execution

                                                                                                                          Persistence

                                                                                                                          Boot or Logon Autostart Execution

                                                                                                                          1
                                                                                                                          T1547

                                                                                                                          Active Setup

                                                                                                                          1
                                                                                                                          T1547.014

                                                                                                                          Browser Extensions

                                                                                                                          1
                                                                                                                          T1176

                                                                                                                          Event Triggered Execution

                                                                                                                          2
                                                                                                                          T1546

                                                                                                                          Component Object Model Hijacking

                                                                                                                          1
                                                                                                                          T1546.015

                                                                                                                          Image File Execution Options Injection

                                                                                                                          1
                                                                                                                          T1546.012

                                                                                                                          Privilege Escalation

                                                                                                                          Boot or Logon Autostart Execution

                                                                                                                          1
                                                                                                                          T1547

                                                                                                                          Active Setup

                                                                                                                          1
                                                                                                                          T1547.014

                                                                                                                          Event Triggered Execution

                                                                                                                          2
                                                                                                                          T1546

                                                                                                                          Component Object Model Hijacking

                                                                                                                          1
                                                                                                                          T1546.015

                                                                                                                          Image File Execution Options Injection

                                                                                                                          1
                                                                                                                          T1546.012

                                                                                                                          Defense Evasion

                                                                                                                          Modify Registry

                                                                                                                          4
                                                                                                                          T1112

                                                                                                                          Credential Access

                                                                                                                          Discovery

                                                                                                                          Browser Information Discovery

                                                                                                                          1
                                                                                                                          T1217

                                                                                                                          Query Registry

                                                                                                                          5
                                                                                                                          T1012

                                                                                                                          System Information Discovery

                                                                                                                          5
                                                                                                                          T1082

                                                                                                                          System Location Discovery

                                                                                                                          1
                                                                                                                          T1614

                                                                                                                          System Language Discovery

                                                                                                                          1
                                                                                                                          T1614.001

                                                                                                                          System Network Configuration Discovery

                                                                                                                          1
                                                                                                                          T1016

                                                                                                                          Internet Connection Discovery

                                                                                                                          1
                                                                                                                          T1016.001

                                                                                                                          Lateral Movement

                                                                                                                          Collection

                                                                                                                          Command and Control

                                                                                                                          Exfiltration

                                                                                                                          Impact

                                                                                                                          Replay Monitor

                                                                                                                          Loading Replay Monitor...

                                                                                                                          Downloads

                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.35\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
                                                                                                                            Filesize

                                                                                                                            1.6MB

                                                                                                                            MD5

                                                                                                                            dc1543edd0dcd56536304bdf56ef93f1

                                                                                                                            SHA1

                                                                                                                            1a8b2c7791f2faa1eb0a98478edee1c45847075c

                                                                                                                            SHA256

                                                                                                                            ccbb3d9a4877999a55b2ca6b8128481e91c4b56780f581226f916c0fb2db0772

                                                                                                                            SHA512

                                                                                                                            2a6b4aa39bc3e4d234909077d5c6d75b9968c1778d505cc12431afd7aebd01eb65ed2f6f0c53c67f18eed7e97b67a93bab8c44574e3918ccd5cfcd8681767056

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\SETUP.EX_
                                                                                                                            Filesize

                                                                                                                            2.6MB

                                                                                                                            MD5

                                                                                                                            60c4164e5d4cc0649649b1241a5a14f6

                                                                                                                            SHA1

                                                                                                                            748d85cca4cbcd2fc5949cd5f23382a57d346091

                                                                                                                            SHA256

                                                                                                                            e26afbe1b5a10139c66c4950d86d357766aafb8521abfd85b525dc2348962c29

                                                                                                                            SHA512

                                                                                                                            f3b3337dcbc3a1b6b02420b26f6c496bd9bf01da45593e23b4a50b7be02f27e1a5b506236b097c69ce5cee90430ce677780007b7a768117912cd5b85bdbc9339

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{39E9C645-07C9-4B71-9FC9-5859B949EAB5}\EDGEMITMP_58317.tmp\setup.exe
                                                                                                                            Filesize

                                                                                                                            6.6MB

                                                                                                                            MD5

                                                                                                                            e8ecc691b6b345c25ea749591911d934

                                                                                                                            SHA1

                                                                                                                            b54f8b8ece5c4221c4180edfdef39df38a36ba21

                                                                                                                            SHA256

                                                                                                                            e226aafcb47b85afe8962b885921dd982bbeb356ddd1c66e5a6f42be80dd052a

                                                                                                                            SHA512

                                                                                                                            9364268b3e7333a6d52e3ab1eedb15c9cee98d5139be0708790275ef05abba12f32c2a39546b4c81f799d7ee662d5f705af9de28b0fca12a64c72ebcccd4f066

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\EdgeUpdate.dat
                                                                                                                            Filesize

                                                                                                                            12KB

                                                                                                                            MD5

                                                                                                                            369bbc37cff290adb8963dc5e518b9b8

                                                                                                                            SHA1

                                                                                                                            de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                                                                                            SHA256

                                                                                                                            3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                                                                                            SHA512

                                                                                                                            4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                                                                                            Filesize

                                                                                                                            179KB

                                                                                                                            MD5

                                                                                                                            7a160c6016922713345454265807f08d

                                                                                                                            SHA1

                                                                                                                            e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                                                                                                            SHA256

                                                                                                                            35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                                                                                                            SHA512

                                                                                                                            c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                            Filesize

                                                                                                                            201KB

                                                                                                                            MD5

                                                                                                                            4dc57ab56e37cd05e81f0d8aaafc5179

                                                                                                                            SHA1

                                                                                                                            494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                                                                                            SHA256

                                                                                                                            87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                                                                                            SHA512

                                                                                                                            320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                            Filesize

                                                                                                                            212KB

                                                                                                                            MD5

                                                                                                                            60dba9b06b56e58f5aea1a4149c743d2

                                                                                                                            SHA1

                                                                                                                            a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                                                                                                            SHA256

                                                                                                                            4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                                                                                                            SHA512

                                                                                                                            e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\MicrosoftEdgeUpdateCore.exe
                                                                                                                            Filesize

                                                                                                                            257KB

                                                                                                                            MD5

                                                                                                                            c044dcfa4d518df8fc9d4a161d49cece

                                                                                                                            SHA1

                                                                                                                            91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                                                                                                            SHA256

                                                                                                                            9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                                                                                                            SHA512

                                                                                                                            f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\NOTICE.TXT
                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            MD5

                                                                                                                            6dd5bf0743f2366a0bdd37e302783bcd

                                                                                                                            SHA1

                                                                                                                            e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                                                                                            SHA256

                                                                                                                            91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                                                                                            SHA512

                                                                                                                            f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdate.dll
                                                                                                                            Filesize

                                                                                                                            2.0MB

                                                                                                                            MD5

                                                                                                                            965b3af7886e7bf6584488658c050ca2

                                                                                                                            SHA1

                                                                                                                            72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                                                                                                            SHA256

                                                                                                                            d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                                                                                                            SHA512

                                                                                                                            1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_af.dll
                                                                                                                            Filesize

                                                                                                                            28KB

                                                                                                                            MD5

                                                                                                                            567aec2d42d02675eb515bbd852be7db

                                                                                                                            SHA1

                                                                                                                            66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                                                                                                            SHA256

                                                                                                                            a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                                                                                                            SHA512

                                                                                                                            3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_am.dll
                                                                                                                            Filesize

                                                                                                                            24KB

                                                                                                                            MD5

                                                                                                                            f6c1324070b6c4e2a8f8921652bfbdfa

                                                                                                                            SHA1

                                                                                                                            988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                                                                                                            SHA256

                                                                                                                            986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                                                                                                            SHA512

                                                                                                                            63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_ar.dll
                                                                                                                            Filesize

                                                                                                                            26KB

                                                                                                                            MD5

                                                                                                                            570efe7aa117a1f98c7a682f8112cb6d

                                                                                                                            SHA1

                                                                                                                            536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                                                                                                            SHA256

                                                                                                                            e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                                                                                                            SHA512

                                                                                                                            5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_as.dll
                                                                                                                            Filesize

                                                                                                                            28KB

                                                                                                                            MD5

                                                                                                                            a8d3210e34bf6f63a35590245c16bc1b

                                                                                                                            SHA1

                                                                                                                            f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                                                                                                            SHA256

                                                                                                                            3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                                                                                                            SHA512

                                                                                                                            6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_az.dll
                                                                                                                            Filesize

                                                                                                                            29KB

                                                                                                                            MD5

                                                                                                                            7937c407ebe21170daf0975779f1aa49

                                                                                                                            SHA1

                                                                                                                            4c2a40e76209abd2492dfaaf65ef24de72291346

                                                                                                                            SHA256

                                                                                                                            5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                                                                                                            SHA512

                                                                                                                            8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_bg.dll
                                                                                                                            Filesize

                                                                                                                            29KB

                                                                                                                            MD5

                                                                                                                            8375b1b756b2a74a12def575351e6bbd

                                                                                                                            SHA1

                                                                                                                            802ec096425dc1cab723d4cf2fd1a868315d3727

                                                                                                                            SHA256

                                                                                                                            a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                                                                                                            SHA512

                                                                                                                            aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_bn-IN.dll
                                                                                                                            Filesize

                                                                                                                            29KB

                                                                                                                            MD5

                                                                                                                            a94cf5e8b1708a43393263a33e739edd

                                                                                                                            SHA1

                                                                                                                            1068868bdc271a52aaae6f749028ed3170b09cce

                                                                                                                            SHA256

                                                                                                                            5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

                                                                                                                            SHA512

                                                                                                                            920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_bn.dll
                                                                                                                            Filesize

                                                                                                                            29KB

                                                                                                                            MD5

                                                                                                                            7dc58c4e27eaf84ae9984cff2cc16235

                                                                                                                            SHA1

                                                                                                                            3f53499ddc487658932a8c2bcf562ba32afd3bda

                                                                                                                            SHA256

                                                                                                                            e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                                                                                                            SHA512

                                                                                                                            bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_bs.dll
                                                                                                                            Filesize

                                                                                                                            28KB

                                                                                                                            MD5

                                                                                                                            e338dccaa43962697db9f67e0265a3fc

                                                                                                                            SHA1

                                                                                                                            4c6c327efc12d21c4299df7b97bf2c45840e0d83

                                                                                                                            SHA256

                                                                                                                            99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

                                                                                                                            SHA512

                                                                                                                            e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA7B6.tmp\msedgeupdateres_en.dll
                                                                                                                            Filesize

                                                                                                                            27KB

                                                                                                                            MD5

                                                                                                                            4a1e3cf488e998ef4d22ac25ccc520a5

                                                                                                                            SHA1

                                                                                                                            dc568a6e3c9465474ef0d761581c733b3371b1cd

                                                                                                                            SHA256

                                                                                                                            9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                                                                                                            SHA512

                                                                                                                            ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                                                                                            Filesize

                                                                                                                            6.8MB

                                                                                                                            MD5

                                                                                                                            7478745f2ffdcebdb1c5ccbd482312b8

                                                                                                                            SHA1

                                                                                                                            6f754125fdea66ca783875f7c6c0f96be14211d3

                                                                                                                            SHA256

                                                                                                                            ae19ae02450f9e885abbed2e40fbabf9992acf61fd206d6ec0da8fcc2ecfeecb

                                                                                                                            SHA512

                                                                                                                            9ff8e19eb3471d69654a9a83fdc62f9d340dfee344a1cc89802ab4924921edc2c4b1e4f6573143ac61cb61d970d6150ae694369c90ba453cfeb63966d85bf352

                                                                                                                            Download Submit

                                                                                                                          • C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                                                                            Filesize

                                                                                                                            1.5MB

                                                                                                                            MD5

                                                                                                                            610b1b60dc8729bad759c92f82ee2804

                                                                                                                            SHA1

                                                                                                                            9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                                                                                                            SHA256

                                                                                                                            921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                                                                                                            SHA512

                                                                                                                            0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                                                                                                            Download Submit

                                                                                                                          • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                                                                            Filesize

                                                                                                                            84KB

                                                                                                                            MD5

                                                                                                                            e289adba8b1e9d32c6993b74491e9153

                                                                                                                            SHA1

                                                                                                                            d3355a26df84b1fd58be00caff757cd4c0afb328

                                                                                                                            SHA256

                                                                                                                            74d8aae390235ff8418db302177dd7de90bc63e20b353e96af1daefef189584e

                                                                                                                            SHA512

                                                                                                                            64cb63e4ce898d5c0170ca1059fac5375c7722816fe783385ed98561d175d7a912d2954ad58ef82fab90319946fc81f4a1a87c3990ee7bb46af128f1b0b8454f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                                                            Filesize

                                                                                                                            649B

                                                                                                                            MD5

                                                                                                                            c642c139a15387c37389da0a87627b21

                                                                                                                            SHA1

                                                                                                                            80695757950af07c17206dafb36800a215c4d8d8

                                                                                                                            SHA256

                                                                                                                            feb5f7865d0449effb855dcc44a1fc6225f5fd60f13c5e72d92949471f2c177b

                                                                                                                            SHA512

                                                                                                                            b0d1fa919faa9700b383da6b8dffb6f0aeeea28207d703bab12270832b3e6c83b364c35c6acf713467c73ff0ee18d0da891e7fd17bacce00e60e3c34cde4c35e

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                            Filesize

                                                                                                                            3KB

                                                                                                                            MD5

                                                                                                                            19349104a2f8af9da3c58375d82556c7

                                                                                                                            SHA1

                                                                                                                            4d9d096319d3efede52a2d8bf071920bad26bea6

                                                                                                                            SHA256

                                                                                                                            511335f243afe33c02af23fd448ef4b276d260762fb232f6330512c61e4181c4

                                                                                                                            SHA512

                                                                                                                            96065f0507f0b8523cf076621a2afbf391396c10791f746729c996a954b3020b0d383517c911f542059d155a3cb750534db45aebeb431b70da232a49ff3947e8

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                            Filesize

                                                                                                                            2B

                                                                                                                            MD5

                                                                                                                            d751713988987e9331980363e24189ce

                                                                                                                            SHA1

                                                                                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                            SHA256

                                                                                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                            SHA512

                                                                                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            356B

                                                                                                                            MD5

                                                                                                                            0ef6fc1ee5b4bfe17354d048e22935d8

                                                                                                                            SHA1

                                                                                                                            ad4ef0970499a4d20c721abfae95466c3a8925ce

                                                                                                                            SHA256

                                                                                                                            f5fd7331e77ce310179b3bbddd68cb80e737ab49b0e9dff08dd5a8379d615473

                                                                                                                            SHA512

                                                                                                                            d3f1fdd6d04174f1b2b5fc1537d9f8bb3dac56614818edcb98e2c3cca5795075b4f3ee1891220f8dd4c3b798bd097da9914eaaecc063959724e6affd83b414cb

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            9KB

                                                                                                                            MD5

                                                                                                                            4a20fee0b7fca077a9f6175f6817b2be

                                                                                                                            SHA1

                                                                                                                            502f7d915d6707b1926e121ad72048ed8251077f

                                                                                                                            SHA256

                                                                                                                            6d166e55bba23e39984b304826267fd00bc2de73530db0a58aa35c0335508ca9

                                                                                                                            SHA512

                                                                                                                            9a078b2d82ca4650f47e6ffc0108c556049bc58270d2be992c03eaa0a09019706b2fa2aa231f8ce3eab9eb70243187efb1a7a770ebc4f91f2c720baa053eb7f2

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                            Filesize

                                                                                                                            15KB

                                                                                                                            MD5

                                                                                                                            de277c4d7e74f5b42d4686f063cee282

                                                                                                                            SHA1

                                                                                                                            acbbe4b8527c38394da12d15d9882e6a399ad72c

                                                                                                                            SHA256

                                                                                                                            b7d6474655d8073693f6fed368d189c23aebe19e10504fb0e5efdb4db6ae1909

                                                                                                                            SHA512

                                                                                                                            3d5a6962779e9662326de58c34529dd4d206d07645867d905db8dc7574a22f5247b7a672b613c06ef91146c068d344628e4cfa8150d19d93890bf99ed8263dc3

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            234KB

                                                                                                                            MD5

                                                                                                                            807e584c02f8589aa12ec142f6dec6ff

                                                                                                                            SHA1

                                                                                                                            fe5c49a9ccf3d15dc66a77147a2834e28f87b1a3

                                                                                                                            SHA256

                                                                                                                            2d6b8c09f07cefc1050666dcd1bcff05ad40d33f12b75a7e0d315106fa90bb32

                                                                                                                            SHA512

                                                                                                                            d480469a2ada9986bc3c3b6eab16e5d41a5ffde51e151a07e98b8e42f1a3dbb43ebee6c3e041f0ba6efc7f805b9d82982a15ebc0554ccf67dfac44c08bceca0c

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            234KB

                                                                                                                            MD5

                                                                                                                            3dc40744aba0c62ebc2683eeefac5d75

                                                                                                                            SHA1

                                                                                                                            10f6402e4d8c4c64af8d063b4eeac9b0b06992cb

                                                                                                                            SHA256

                                                                                                                            3090776d00cc39c12a8086589ce339b244e7ce99d82aa240ff45fd0fe7552fbc

                                                                                                                            SHA512

                                                                                                                            52c7d1337a5541aced626a66c5b720f183d54241119be3602b3a52307ac4279b5da9a197de45e56d20f1925c5a4f08a680729ea9df411053fcfadacd9da5be2e

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                            Filesize

                                                                                                                            152B

                                                                                                                            MD5

                                                                                                                            b5fffb9ed7c2c7454da60348607ac641

                                                                                                                            SHA1

                                                                                                                            8d1e01517d1f0532f0871025a38d78f4520b8ebc

                                                                                                                            SHA256

                                                                                                                            c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73

                                                                                                                            SHA512

                                                                                                                            9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                            Filesize

                                                                                                                            152B

                                                                                                                            MD5

                                                                                                                            32d05d01d96358f7d334df6dab8b12ed

                                                                                                                            SHA1

                                                                                                                            7b371e4797603b195a34721bb21f0e7f1e2929da

                                                                                                                            SHA256

                                                                                                                            287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e

                                                                                                                            SHA512

                                                                                                                            e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                                            Filesize

                                                                                                                            62KB

                                                                                                                            MD5

                                                                                                                            c813a1b87f1651d642cdcad5fca7a7d8

                                                                                                                            SHA1

                                                                                                                            0e6628997674a7dfbeb321b59a6e829d0c2f4478

                                                                                                                            SHA256

                                                                                                                            df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

                                                                                                                            SHA512

                                                                                                                            af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                                            Filesize

                                                                                                                            67KB

                                                                                                                            MD5

                                                                                                                            b275fa8d2d2d768231289d114f48e35f

                                                                                                                            SHA1

                                                                                                                            bb96003ff86bd9dedbd2976b1916d87ac6402073

                                                                                                                            SHA256

                                                                                                                            1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

                                                                                                                            SHA512

                                                                                                                            d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                                            Filesize

                                                                                                                            65KB

                                                                                                                            MD5

                                                                                                                            56d57bc655526551f217536f19195495

                                                                                                                            SHA1

                                                                                                                            28b430886d1220855a805d78dc5d6414aeee6995

                                                                                                                            SHA256

                                                                                                                            f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                                                                            SHA512

                                                                                                                            7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                                            Filesize

                                                                                                                            19KB

                                                                                                                            MD5

                                                                                                                            2e86a72f4e82614cd4842950d2e0a716

                                                                                                                            SHA1

                                                                                                                            d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                                                            SHA256

                                                                                                                            c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                                                            SHA512

                                                                                                                            7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
                                                                                                                            Filesize

                                                                                                                            20KB

                                                                                                                            MD5

                                                                                                                            19d72c7b2a69fa5d0f18c2324bc13b59

                                                                                                                            SHA1

                                                                                                                            7c4f4878660b2f6307c7b56aecacdd8f1ecd3cc3

                                                                                                                            SHA256

                                                                                                                            6e8dce0bb3b9d27d97f53c3b6669dd744236c6bd17a8395fc0187d96197aa1b2

                                                                                                                            SHA512

                                                                                                                            cc1541b15e378aaeb8fc0816ed3f25baf5b273f7e1ff389f2c02b1fb3992389d08bf2fcd32b50fb79e6efaf0816eeb51007dca492a701c95faadcde90e1b27a2

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
                                                                                                                            Filesize

                                                                                                                            48KB

                                                                                                                            MD5

                                                                                                                            baa9f9df378773cb28884dedeb3808f6

                                                                                                                            SHA1

                                                                                                                            9a43932d23ff5a9d449c6e85f6bc28f2fc221c64

                                                                                                                            SHA256

                                                                                                                            515270605d5a6ebee61b69bde18c4fa049479d99578524b17049cad5b481559d

                                                                                                                            SHA512

                                                                                                                            62ba4994b070564955b5df3775de2216f17ae2deeaa9441fe9c2cacca9c04b8f4b9690ce84ad6e4d4ae4bd794a8686773b0d9361dfcb38c9beef1cffbbc2b6e6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2a25d4c5d7c4414_0
                                                                                                                            Filesize

                                                                                                                            243B

                                                                                                                            MD5

                                                                                                                            7c5f692a896060f403a33ce2bd94b73c

                                                                                                                            SHA1

                                                                                                                            47e54acb8364694af9aad0869cb377a6a6d96dc0

                                                                                                                            SHA256

                                                                                                                            307d80573a03802aa86f5c490829db7be2ce865bb5c5a912c4525507422cf590

                                                                                                                            SHA512

                                                                                                                            47821485ac7baa21f5bbb000043f6f83dc4f1fec782776be91b21b95be81e0b29782af3c04241d181e40b9e5023dbee5f5212d9ef04cd6ecc5237f998cbd543d

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            48B

                                                                                                                            MD5

                                                                                                                            a92315be82495ee8b76399a5ef8af493

                                                                                                                            SHA1

                                                                                                                            e67c8d85538773b647ebed9d5ad7dbba9b13dc6f

                                                                                                                            SHA256

                                                                                                                            1b5b23d976e893dc7ca800c4774b8fbca926ebd360db0d8ee1d65e73cecacdb9

                                                                                                                            SHA512

                                                                                                                            f24b48ef63462c48362f7b2e54ad5ffb9ce595aae9411b11d5c10fb21ac7fe7b514c5c257a6bb7963175c026e09770d384648f25ff26ffbab91c74ce470b2397

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            c6f81372aee256bb9fb140c7a28e8129

                                                                                                                            SHA1

                                                                                                                            5da98020ee0c9a3e50880f859c259ac4caca92e4

                                                                                                                            SHA256

                                                                                                                            593b1db18450185082de984ae730e22250cf456599fce950db418c3180346574

                                                                                                                            SHA512

                                                                                                                            6b3c013fd6a51b94a85313f61b8337e23cb18b561ceeece01919bd52acac6c900063e34a3b213c7ac5a0aa8a15b38e3d2b4c62829fb4502aedae4af2db8352c8

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            3KB

                                                                                                                            MD5

                                                                                                                            7da54c74d0501f44d13a6bd4be4d9e03

                                                                                                                            SHA1

                                                                                                                            3dfb1e92daa2c9052852725dda9fff07a53fb3d9

                                                                                                                            SHA256

                                                                                                                            54730137147fe40085278c9f42ab0085f90c3ad38e0a136243d48a38bb4eabda

                                                                                                                            SHA512

                                                                                                                            602dfb845c44bab1d7fab4cc25b61eb2707038e8dae47c31a7e6cd1a99d78f544efe1b4e12dd4a6cb09c5ebec7df46e3d4f4256751706a081b95d9a674fb4c13

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                                                                                            Filesize

                                                                                                                            70KB

                                                                                                                            MD5

                                                                                                                            e5e3377341056643b0494b6842c0b544

                                                                                                                            SHA1

                                                                                                                            d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                                                                                            SHA256

                                                                                                                            e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                                                                                            SHA512

                                                                                                                            83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            59e9ba8961334ec187358f0901c5eb98

                                                                                                                            SHA1

                                                                                                                            0b2e69c3a4bf842beb1b571063b53ebf5e4245c7

                                                                                                                            SHA256

                                                                                                                            b985e24a7fd494b0b7617a55da2ee4459483b9a0d7624fe6c528894acb0c4b11

                                                                                                                            SHA512

                                                                                                                            6308114a2e0d381e2220d43514fde4b13b3f4fac9961e9973d046af120d7ffbc715057de4b8f25723e471ac2256b3c26aac71ab18a1adb6c9b067f7aec5b69f6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                            Filesize

                                                                                                                            59B

                                                                                                                            MD5

                                                                                                                            78bfcecb05ed1904edce3b60cb5c7e62

                                                                                                                            SHA1

                                                                                                                            bf77a7461de9d41d12aa88fba056ba758793d9ce

                                                                                                                            SHA256

                                                                                                                            c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

                                                                                                                            SHA512

                                                                                                                            2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            MD5

                                                                                                                            e554156b7640db703046314fdbe1fd07

                                                                                                                            SHA1

                                                                                                                            632b906894db7a95d894186e6b4333794bdbcf09

                                                                                                                            SHA256

                                                                                                                            3499963d0c99e8f62a3575ef2f45357737e876aca0d53e85da5566d920da4f43

                                                                                                                            SHA512

                                                                                                                            15f7f66165debd5be284129cc7921a5601870b122d7aca73e391034d383ae1dd376aeeea01e5e1d729940e2f7f2c2ce738548d8155dcc756fa7d075a45eca03f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe57c92c.TMP
                                                                                                                            Filesize

                                                                                                                            59B

                                                                                                                            MD5

                                                                                                                            2800881c775077e1c4b6e06bf4676de4

                                                                                                                            SHA1

                                                                                                                            2873631068c8b3b9495638c865915be822442c8b

                                                                                                                            SHA256

                                                                                                                            226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                                                            SHA512

                                                                                                                            e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            ddec26bd474ad8627b5e68698d99f4cb

                                                                                                                            SHA1

                                                                                                                            1566a159a0f1ccc8ba046eae6933d2638d8bf523

                                                                                                                            SHA256

                                                                                                                            f6209063bb903c7759b98f19f6558ff9a6cca0e1edbd45c23fb7d7463e7fade6

                                                                                                                            SHA512

                                                                                                                            4c88ccce4944336be313c8173b7f55bdb797ebdf2d0bcf6dbb14b8ecb6c7809d3c71f47da7428fd2b3b43b82806e7aaf574249cb71220697204ec7935e7bd48b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            9KB

                                                                                                                            MD5

                                                                                                                            f4b2d635bb7f61ee5e1f98290a7d6e0f

                                                                                                                            SHA1

                                                                                                                            f536c002ae82e4a2cbf2b7bc7dee76fbb1eb0d5a

                                                                                                                            SHA256

                                                                                                                            0d7472151189cbf737ebc9e4ce1c009cf91fe492f3fd049ed98daa89aa231489

                                                                                                                            SHA512

                                                                                                                            5e83744a670843fd505ec5aa33a7374c71e8b3ff75ac78dbd525ce4dfbd1ce9b35821e05a11119009219dc4983835e45ef369fd748b7aa39bfb0182508a1e9af

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            8KB

                                                                                                                            MD5

                                                                                                                            7b5284ae1e113d102624751acc4bd193

                                                                                                                            SHA1

                                                                                                                            fc49d27adc1ad11522df8c0e9acfb38629a35912

                                                                                                                            SHA256

                                                                                                                            5e15843c09cc39f3113c849d046022b7943267d3988e2f088554862724e0b7bf

                                                                                                                            SHA512

                                                                                                                            3322ebf8e309490c04f73d71d3cea7187dc0d512a494fcde99509213304206ad1793d0ea35c87834a1a74bf2b8c64d53577b212e2ad3b90265076531d45ab462

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            8KB

                                                                                                                            MD5

                                                                                                                            2bfcf69a70a699fea7c90e8ddbd50c04

                                                                                                                            SHA1

                                                                                                                            c2a978fa9e54f5eb1e5a990366ab41d46f3ebc1f

                                                                                                                            SHA256

                                                                                                                            f8f8b08adc86c008fa26a2194c8873ff150ece151b1a91844e95fd775136ff60

                                                                                                                            SHA512

                                                                                                                            2ffe4e169d225281c93476b1294d76686d9dcc5035e03e7ae86db125c6ddb799b93f92b302d37d532232e0fa1bfc74dddc475cffd9e2d6b11469af1df5cd8ae6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            5KB

                                                                                                                            MD5

                                                                                                                            bbe14b2e1cb68b75b9dc6cf34881dd69

                                                                                                                            SHA1

                                                                                                                            ea5ec62fcca5c53b7efbab8403f7a65bbd4ec17a

                                                                                                                            SHA256

                                                                                                                            51a4c5ae5545a6307be8626a92b5c3a19066cc8af9b4d45590e4cf013c650c48

                                                                                                                            SHA512

                                                                                                                            771f4e313927cd1291d1ba21e493a2570dedfb05d143c22a2612abb505cabb7be849b91eec5f79bc8fc6b679c7b9136ead0da5f46c90767bb7fe9d85001c376b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            5KB

                                                                                                                            MD5

                                                                                                                            cf05f053ade981a7d816757f0f41dc99

                                                                                                                            SHA1

                                                                                                                            d12116f60a3c1759018de75a95a4e39faacbbaec

                                                                                                                            SHA256

                                                                                                                            22bf46d0c692e87d51fd4df9658b94de098c6ec3a19d9f6ff871e7e5e4921d2a

                                                                                                                            SHA512

                                                                                                                            73b1539a8d21d22457ae91c3ebef10790d158c9012f204855ab21815896fa71ba5c0291f62558e19748af9806e6b47a2755181b52f57bc1e26ec6972f46bffda

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            69ddadd016e19ac0d273eee6ef5dae15

                                                                                                                            SHA1

                                                                                                                            828ee08a1cd0f15157b4c999b8725c63d0c85a8e

                                                                                                                            SHA256

                                                                                                                            7d3bb10f96a60c3d7ba9929f9edc46fa34bf2a281dfc43ff3a4fdb8a72d48817

                                                                                                                            SHA512

                                                                                                                            d0abf23231c2de0cf1376bea3b0abae4996129d0eb5bbfa0e16ac9fd98f6ea7460b8d59e48e0b87502fba76c0015c90cdcdb858f456a2526b3a6fab27933e494

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            b2aab4bda32b750f011b3a67b093b583

                                                                                                                            SHA1

                                                                                                                            ebc4df63ec13f2b707bef20ab24355227bacbd37

                                                                                                                            SHA256

                                                                                                                            e154b0597bb69d0748e98eb9d5105b4f2585f7d575d144af8d7eb1a7c83398f4

                                                                                                                            SHA512

                                                                                                                            31ac48a202be6495ba4fe1cf701889786534b835def5cda870cbb79699bc6f00c6a45a4f03a882f48c9a873a8fb9b83819fc28beaafd96c530d04db18e1e3b78

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            7KB

                                                                                                                            MD5

                                                                                                                            e28d50226bd5dc3d37ae5428849eca9e

                                                                                                                            SHA1

                                                                                                                            15e571fd5763c1c1d079d0f6a4b18e09e49d6459

                                                                                                                            SHA256

                                                                                                                            418b50fc25a7a16984c734de919595ee840a5e3c76eb4d0c4a2f09b91b7b8330

                                                                                                                            SHA512

                                                                                                                            ce2c41898a33a4f0a9164684e16351565681b60c6c07bb62517ae4d5bb0f08b6d2489e394dc7fe39be0fd272424b8a3083afcbb8cac24dabecd02100eedcd2c6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            8KB

                                                                                                                            MD5

                                                                                                                            0a82fdfc27ea243f93371bcd42aa1e61

                                                                                                                            SHA1

                                                                                                                            0a4e3e7f9ee872575438fbe75efa6f5cd8740506

                                                                                                                            SHA256

                                                                                                                            6023b2215ec661ad5ebeb4c58d9f3261b0d769a7acb4f1659ba7d1ea652a745c

                                                                                                                            SHA512

                                                                                                                            f1048fff19686e9102daad4d197ff44348047666aea426973f402dacda24c6fb2f327518267929d63606ea562e64bd8ad31cf1eb8f8769e6bdba9c89a860cc4b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            d5122fe45583a6e81d401bcffe72dbd6

                                                                                                                            SHA1

                                                                                                                            6a0f8cc47af814b201c2923ef876938a3f27f7e6

                                                                                                                            SHA256

                                                                                                                            17d1e8159d78ffc6a8edd8660834e36c75c4f799e6f529aa077c0b46ccfd9fd1

                                                                                                                            SHA512

                                                                                                                            a137601c7d9b9830964ad695427853da2c5ba04afedf2ecb5c5a126700d9944660c8d1a6aab3816715298925fd3000d78bc37e4988740ba36e1fb01d408656c7

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                            Filesize

                                                                                                                            24KB

                                                                                                                            MD5

                                                                                                                            6e466bd18b7f6077ca9f1d3c125ac5c2

                                                                                                                            SHA1

                                                                                                                            32a4a64e853f294d98170b86bbace9669b58dfb8

                                                                                                                            SHA256

                                                                                                                            74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc

                                                                                                                            SHA512

                                                                                                                            9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                            Filesize

                                                                                                                            24KB

                                                                                                                            MD5

                                                                                                                            ac2b76299740efc6ea9da792f8863779

                                                                                                                            SHA1

                                                                                                                            06ad901d98134e52218f6714075d5d76418aa7f5

                                                                                                                            SHA256

                                                                                                                            cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199

                                                                                                                            SHA512

                                                                                                                            eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            72B

                                                                                                                            MD5

                                                                                                                            5a1fbff4af0b8e277a834188b4d6c36e

                                                                                                                            SHA1

                                                                                                                            6eade0ea8d84f5cf56b7d5cb0fb922002e38c837

                                                                                                                            SHA256

                                                                                                                            7185c92339eace2af216a2f79a64ade7e60b17d3a367b895762c389c449e0f57

                                                                                                                            SHA512

                                                                                                                            1e44b8aa9fb78c7311d3efeea283c8837b30e8b394ae348ee4b76656c82033d43ef464ef573116080b83ce704490df2188b348bbbe607285dc2ce217fe7f5ca6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58cffd.TMP
                                                                                                                            Filesize

                                                                                                                            48B

                                                                                                                            MD5

                                                                                                                            f0f59c67bfff2d516fbc1522d5a6347a

                                                                                                                            SHA1

                                                                                                                            13d769c472b399f43ed07a50b47f0b05afd29aab

                                                                                                                            SHA256

                                                                                                                            105a48a118f31e96e8908cb0a51a3a9e947f74312053506ec9feaff90fbad37a

                                                                                                                            SHA512

                                                                                                                            f4687a620877c508a62b1e2626440bb66959ab4e45c7d1d7e043f02db96ef276e95e05918c30143dac3dd7e11019dab97ec0bf6052a4589c4b466e12e8e9724b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            3d1b873cea1df585888215edaa30a891

                                                                                                                            SHA1

                                                                                                                            1b298f3399499fe99c072d575bca8f3648c7a6c5

                                                                                                                            SHA256

                                                                                                                            8d2ca7664855ec8c04ca9d13c5305febcabf863e0255f6e480880186465c03b6

                                                                                                                            SHA512

                                                                                                                            cdd195d463bd3c5b8cfd72a7e979b7d7e89061637633b2bde53944be8de9877e186a81ef50e8ce6edd32c4b2fb068196b8f7b59063af05ee75f986ff354ace09

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            d953fc21d335f6416c4aae37607db0e3

                                                                                                                            SHA1

                                                                                                                            0a9657d457896b7ced0a9c2c9be561901d80c9e3

                                                                                                                            SHA256

                                                                                                                            6e5ec12cfdb2bebb2856c432ca97411737dd57fc5f34daaba88bf5588761e09a

                                                                                                                            SHA512

                                                                                                                            40ece8b90341517bf6b6409c6136099f69fd49eb027f981586d43cfa27821d1ca63fa5991feb9c377c2436aa22f62d0b99d56dbf3c76d66ad760e0e17c870a8d

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            17f12a15093072b1cc591c350692e2e0

                                                                                                                            SHA1

                                                                                                                            168b998042f679c026942ada787aee90dc0b9cc2

                                                                                                                            SHA256

                                                                                                                            c61f8c4bee029860f34e2a4789b732fd7fe3f02aadcb15bf5a6648da9e8c1061

                                                                                                                            SHA512

                                                                                                                            c9ac5631757d7d2ccaf78dabe9ee3976f3c44cf0a3d67b595a36d04e6f81be62bf55a9ede1c6cb0c81a7db17e472d9e6830af6e8e4a57de3069493c039f24adb

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            222016a44e5aa0d1c8f35046cb787974

                                                                                                                            SHA1

                                                                                                                            1f053209496e3f95ed5da682b7e96a11ee682fc3

                                                                                                                            SHA256

                                                                                                                            1f83fa753d8a7dcbd4665f003fd33ffa525bed817ad5331a33577e55d357c287

                                                                                                                            SHA512

                                                                                                                            b76d1cb6cf9d09ca809f08d1e04eeb03cb025ebe244a9de1f94eaf0ad5fa33ba5b856f91bdb5eab96e79ead73fd2dd78e25de82805e6fca04ac6974db34d50c9

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            9f4c37c9b788fe39e9fde7a152004924

                                                                                                                            SHA1

                                                                                                                            bd3ff9091bd1adf7ed3dc539e828af777c793a33

                                                                                                                            SHA256

                                                                                                                            2d8f826dace1ab7d25846fa7cb9551219bee7e8df9828085bd0e23934585cc64

                                                                                                                            SHA512

                                                                                                                            2ae8ed35b6ab288989110a5ad2a974daca0f98f37062d42a789d16885bee205861c640063456401e4426ac728bbb86e49b202c1ff79fe83ddb969b05f29d44ec

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            3KB

                                                                                                                            MD5

                                                                                                                            b4e0079cf7893194fbddaad2d26722dc

                                                                                                                            SHA1

                                                                                                                            7c9f5f91b774a65bfcca4ab6b443e6959373f911

                                                                                                                            SHA256

                                                                                                                            7cc35c68ad4490cb0d62d92b68741194d73bbe4c0b89389630fb36dd6a5252c5

                                                                                                                            SHA512

                                                                                                                            5eee7a8393a0d8832c2f1545ba2711eeca9683a44daf7c8c227514564ce6b0d5114e0e87575cabbb56378e5600417c7c359312e41ff88beeff5dc568acc65ac2

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe46.TMP
                                                                                                                            Filesize

                                                                                                                            539B

                                                                                                                            MD5

                                                                                                                            cba81554e5e626f4531a7814483ad750

                                                                                                                            SHA1

                                                                                                                            8a54ca304a675d8ad9bb241fc2def957f6c4a588

                                                                                                                            SHA256

                                                                                                                            409b1d2c3852083d6176b3f6c9d504e999fe48b30567e5f5176a0d57d94bdddd

                                                                                                                            SHA512

                                                                                                                            145eaca9b37bb359272460382f289f3a236a92925d5a2bf33b5e194c11011066e9374eac1aa72557370a0950d446fb03ef018dfe0e0665f5231ce7aad689d1a2

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                            Filesize

                                                                                                                            16B

                                                                                                                            MD5

                                                                                                                            206702161f94c5cd39fadd03f4014d98

                                                                                                                            SHA1

                                                                                                                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                            SHA256

                                                                                                                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                            SHA512

                                                                                                                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp
                                                                                                                            Filesize

                                                                                                                            16B

                                                                                                                            MD5

                                                                                                                            46295cac801e5d4857d09837238a6394

                                                                                                                            SHA1

                                                                                                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                            SHA256

                                                                                                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                            SHA512

                                                                                                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
                                                                                                                            Filesize

                                                                                                                            41B

                                                                                                                            MD5

                                                                                                                            5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                            SHA1

                                                                                                                            d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                            SHA256

                                                                                                                            f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                            SHA512

                                                                                                                            de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            8KB

                                                                                                                            MD5

                                                                                                                            1d35c3dab201cdc177195763b9f3783d

                                                                                                                            SHA1

                                                                                                                            af0cba988a2b979efce2a99a9f06b1ea2fb41d67

                                                                                                                            SHA256

                                                                                                                            cfdc6027ed4ef92bfa93a67938000afe0a7dc94cf3591a9967ae42644e925ac0

                                                                                                                            SHA512

                                                                                                                            97f88a6bd182c85c83e83484d3a07fd02b1058e8ea928249eaf97b00a0d0b72f5d731d09459b5c0713301b0fe8db3edfc9267dc7d729f2de6089cd82e1d7cef8

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            c472c7e80ec28b909691ae7f61deb099

                                                                                                                            SHA1

                                                                                                                            2274419037bb49c678e0f67b64a4ec5f69d2a420

                                                                                                                            SHA256

                                                                                                                            a67abc3fe9cf0e773012ea8c579a1e5204e5677707c445218fd787b5b20e88ba

                                                                                                                            SHA512

                                                                                                                            203c5663a0939c5947d8c240ce478e49ab9a42eb9b7c7d3ef86b1b1d572e5f7950b5a7dc0031b10c4d5572d99cd8d69f766bd2bc01ec3d22d6db863d832cc63c

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            675f4a0a563d2a8f3703a619ee920451

                                                                                                                            SHA1

                                                                                                                            f624dcb41e9901881d11cb606beca2bda5d62634

                                                                                                                            SHA256

                                                                                                                            e23e50500325604e4148c645200336732eb32dbc22567e4788bf8c489ceb909e

                                                                                                                            SHA512

                                                                                                                            88085dc5d6326ec21230a754747962e156c611d3df27028b58e262d684c037da1d2b799a6dfd74cef2d977c6f84e9845cb4c9ac26757cbb9d28ff016f8cdcf57

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            b24f72c144651e31795808c3dc5a386c

                                                                                                                            SHA1

                                                                                                                            9a1ce9e09a94c903f631cdbef0074f9527b76d28

                                                                                                                            SHA256

                                                                                                                            d9490af1d4b3f12700777ff771c71450dd9616ab29fccbf4ab21f364e8be5ad3

                                                                                                                            SHA512

                                                                                                                            2dd7bf7058729acccb5f4226e467d058c41828649c41ddd78cb711eaf279cc675d8badd283236830efded75cec0dab58fbe8cf5791385a0726834dd7a60947df

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                                                            Filesize

                                                                                                                            264KB

                                                                                                                            MD5

                                                                                                                            3e4ba2461f90fdfef9ad83e7e0bdc8db

                                                                                                                            SHA1

                                                                                                                            76f79cae8bd9201f770808487ef03ec97db26248

                                                                                                                            SHA256

                                                                                                                            52d358823fb3b35f8e3a5be53f7840e5d71f66cd53d9b8127823223bada938e9

                                                                                                                            SHA512

                                                                                                                            f268dbbec40b74772ec8413cb09be16cdf03025f70aff9f44061f421855348327c571604b4953415bf49dced8d570384a73fb4f22cc44375b3adc8767f71425c

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                            Filesize

                                                                                                                            3KB

                                                                                                                            MD5

                                                                                                                            a3e6e1e19f90bfebff186cb97da83c82

                                                                                                                            SHA1

                                                                                                                            ed386b420ceef53fc2dc4d026cf808303493a3d7

                                                                                                                            SHA256

                                                                                                                            724bf08f92f742fb9aed22c5d0cd8c27f2c88a43033cb39c444e13e8a13f851c

                                                                                                                            SHA512

                                                                                                                            7dc30ecb271a19be5833890763fe4388efe4d21b9bfb68889af3a7abd7025683859b50784318cfaa053a9294439597a57d463c3f78824fb77d776a36d2a707ef

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                            Filesize

                                                                                                                            10KB

                                                                                                                            MD5

                                                                                                                            f688b7657842e3121aad1eca0084faa2

                                                                                                                            SHA1

                                                                                                                            1843540bcd966ca4a831948c71d842abe0d0bd7a

                                                                                                                            SHA256

                                                                                                                            692a2de0f651ddcf848aa8350b719003afd4b5d55f4181a825d001f1ffb32865

                                                                                                                            SHA512

                                                                                                                            714aa7d70b80e6c29a4ac01504bb1fa5a5d4b79fb6ea94fcb19d21f880cee45b445d76640e4f6e51507dbb0528da13f23504731aa86223d544cf90987144d8af

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                            Filesize

                                                                                                                            3KB

                                                                                                                            MD5

                                                                                                                            d24ab612b550a939e1122bd43d2b5aab

                                                                                                                            SHA1

                                                                                                                            1f0050204a95fe1b941bc474d811f32bf5d63813

                                                                                                                            SHA256

                                                                                                                            0f25343de222214fae628b794dd9f46f632e77cf7c6bcd86f41b6707020a4016

                                                                                                                            SHA512

                                                                                                                            1250ea942d8dc920ede775e1d8530c97ee380d4e4d89fbd8d61c9408ae331e2d7decc0b508b617f8326f274537229e4f5214b24eea3493d6cefbc94cf3626f05

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                            Filesize

                                                                                                                            10KB

                                                                                                                            MD5

                                                                                                                            170aff22715d3a13be13afeeaacccf25

                                                                                                                            SHA1

                                                                                                                            fbff97601ee1f03af78addd032fa0bcf8f6ec25b

                                                                                                                            SHA256

                                                                                                                            f6ccf8a98cde6f441dd0a4f36dc6375a15d3adf47b2cc2dca765ee3897bc9351

                                                                                                                            SHA512

                                                                                                                            ba5c2fbdc19855a635759c52882014b7c7f901be4774cf381aa1c0d4523e887f1ac2be3a747cf4d9f4b2a1badb026d4caee72e82535fdb39a661fededa00856f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                            Filesize

                                                                                                                            8KB

                                                                                                                            MD5

                                                                                                                            f36f6fb82cb60c8b31ba75176b8ea379

                                                                                                                            SHA1

                                                                                                                            b2c7bd363b11fc2a8ad9f846d09183adbae5f939

                                                                                                                            SHA256

                                                                                                                            67d86300c5812224f35c0248a7a0d7d30740d4f9888da278c88abdf4bbe64faf

                                                                                                                            SHA512

                                                                                                                            14172f8cb00f5c9c2980672a27a98f46384b6a03d505850fb8f92df4eb6cebbe1427a53652af823cf0320bb485afc0392fa152ca75d46aef15245f301237d2ee

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 187259.crdownload
                                                                                                                            Filesize

                                                                                                                            278KB

                                                                                                                            MD5

                                                                                                                            ae7659ddd28dd899f73954109dd9c460

                                                                                                                            SHA1

                                                                                                                            1c0495339e78d2bf4b6c8d53e4d5f42d47fc5396

                                                                                                                            SHA256

                                                                                                                            3d45be1924b7c40f60290b5f04b9c028aa5963bdeeba793adcf7f7938d095fae

                                                                                                                            SHA512

                                                                                                                            8ac46369c3cd615c8c60d020c8ef683c1a31680c6fae2f617fa81bbf5dfe5f0016bba5439dfbc25fc3aaba742f61d00140566f1a0578503ab74d2af13d22c35a

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 243223.crdownload
                                                                                                                            Filesize

                                                                                                                            6.8MB

                                                                                                                            MD5

                                                                                                                            91563396f82674c0b8a13a5bd4faa2cc

                                                                                                                            SHA1

                                                                                                                            becfde376e3053a2593640e8fbb743890077ed07

                                                                                                                            SHA256

                                                                                                                            c4e4b832dfab883152602b2ffef83f57281ebd8d08b3b8b12540f580fe0526d0

                                                                                                                            SHA512

                                                                                                                            07ee5e4084c24885ce735e93c314700dfaad96bf1b65e63a36a9c14c9f91a14fb6d4e26a534627e6a0df9416ce6a80f0539af3e50d5606489638a36b6da95e09

                                                                                                                            Download Submit

                                                                                                                          • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                                                                                                            Filesize

                                                                                                                            280B

                                                                                                                            MD5

                                                                                                                            d94ff9671b2b1f322f6361ca2fbd6570

                                                                                                                            SHA1

                                                                                                                            5ffc89d6fd35b20a44b67703841c339646c7c4ca

                                                                                                                            SHA256

                                                                                                                            aa25eebc9e4d5ffa4ddb19475fedcffc37faac0c02aa034d16795593193fbfd1

                                                                                                                            SHA512

                                                                                                                            875940967622ee54f13ac336dc38317027698056def6a72218427f64b3de6d5528e754654ea78d79367a84a007c9c7cf12e7f1f4cc0d368640dff8c300478995

                                                                                                                            Download Submit

                                                                                                                          • \??\pipe\LOCAL\crashpad_4400_LCQNDKAYATYRXFQI
                                                                                                                            MD5

                                                                                                                            d41d8cd98f00b204e9800998ecf8427e

                                                                                                                            SHA1

                                                                                                                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                            SHA256

                                                                                                                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                            SHA512

                                                                                                                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                            Download Submit

                                                                                                                          • memory/4840-1387-0x0000000072EE0000-0x00000000730F0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            2.1MB

                                                                                                                            Download

                                                                                                                          • memory/4840-1365-0x0000000072EE0000-0x00000000730F0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            2.1MB

                                                                                                                            Download

                                                                                                                          • memory/4840-1358-0x0000000072EE0000-0x00000000730F0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            2.1MB

                                                                                                                            Download

                                                                                                                          • memory/4840-1357-0x00000000005D0000-0x0000000000605000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            212KB

                                                                                                                            Download

                                                                                                                          • memory/4840-1565-0x0000000072EE0000-0x00000000730F0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            2.1MB

                                                                                                                            Download

                                                                                                                          • memory/4840-1569-0x0000000072EE0000-0x00000000730F0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            2.1MB

                                                                                                                            Download