Analysis

  • max time kernel
    840s
  • max time network
    786s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    21-12-2024 15:11

General

  • Target

    https://github.com/suffz/luna/raw/refs/heads/main/Bootstrapper.zip

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 55 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Network Share Discovery 1 TTPs

    Attempts to gather information on the host network.

  • Checks system information in the registry 2 TTPs 24 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 39 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/suffz/luna/raw/refs/heads/main/Bootstrapper.zip
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff800953cb8,0x7ff800953cc8,0x7ff800953cd8
      2⤵
        PID:4036
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
        2⤵
          PID:3496
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3536
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
          2⤵
            PID:1932
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:1752
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:1564
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
                2⤵
                  PID:3352
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
                  2⤵
                    PID:1576
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4708
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                    2⤵
                      PID:2916
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
                      2⤵
                      • NTFS ADS
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1376
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                      2⤵
                        PID:1508
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
                        2⤵
                          PID:4212
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,6913939552791820331,7958583366286948922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:248
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1236
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4788
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:2788
                            • C:\Users\Admin\Desktop\Bootstrapper\Luna\Bootstrapper.exe
                              "C:\Users\Admin\Desktop\Bootstrapper\Luna\Bootstrapper.exe"
                              1⤵
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of AdjustPrivilegeToken
                              PID:3832
                              • C:\Users\Admin\Desktop\Bootstrapper\Luna\luna\Luna.exe
                                luna\Luna.exe
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4776
                                • C:\Users\Admin\Desktop\Bootstrapper\Luna\luna\Luna.exe
                                  C:\Users\Admin\Desktop\Bootstrapper\Luna\luna\Luna.exe
                                  3⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Checks whether UAC is enabled
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:912
                                  • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
                                    C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
                                    4⤵
                                    • Executes dropped EXE
                                    • Drops file in Program Files directory
                                    • System Location Discovery: System Language Discovery
                                    PID:2952
                                    • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                      5⤵
                                      • Event Triggered Execution: Image File Execution Options Injection
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Checks system information in the registry
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4472
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • System Location Discovery: System Language Discovery
                                        • Modifies registry class
                                        PID:4648
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • System Location Discovery: System Language Discovery
                                        • Modifies registry class
                                        PID:3384
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                          7⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Modifies registry class
                                          PID:5020
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                          7⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Modifies registry class
                                          PID:3096
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                          7⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Modifies registry class
                                          PID:5088
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Mjk1RDRDMjgtQ0FEMS00NkVBLUE3QTItRERDQjlFMzUwM0Q0fSIgdXNlcmlkPSJ7MjdEQjY3NUUtNzJBMS00MTNCLUI1RjItRkQ3QzhGQjE3NkVGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezBENURDNzZGLTc3MDgtNEFGNS04NUEyLTEyOTlERDBDNUYxN30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuNDkzIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQzLjU3IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTA5MjMyNjkwMiIgaW5zdGFsbF90aW1lX21zPSI2MjUiLz48L2FwcD48L3JlcXVlc3Q-
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Checks system information in the registry
                                        • System Location Discovery: System Language Discovery
                                        • System Network Configuration Discovery: Internet Connection Discovery
                                        PID:3080
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{295D4C28-CAD1-46EA-A7A2-DDCB9E3503D4}"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • System Location Discovery: System Language Discovery
                                        PID:1932
                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --mojo-named-platform-channel-pipe=912.1532.4045383118273226720
                                    4⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    • Drops file in Windows directory
                                    • Enumerates system info in registry
                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                    • System policy modification
                                    PID:2056
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.112 --initial-client-data=0x17c,0x180,0x184,0x158,0x18c,0x7fffedb36070,0x7fffedb3607c,0x7fffedb36088
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:5088
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1832,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1828 /prefetch:2
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:3364
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2072,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:11
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:2220
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2216,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:13
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:4524
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3548,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:4696
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4748,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:5064
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4764,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:3356
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4788,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:10
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:1512
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4632,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4660 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:2992
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4288,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:1652
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2812,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1040 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:4316
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=3772,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:5052
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4784,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:4724
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4800,i,4618653836701430953,6216041161161459462,262144 --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:3572
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                              1⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Checks system information in the registry
                              • System Location Discovery: System Language Discovery
                              • Modifies data under HKEY_USERS
                              PID:4616
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Checks system information in the registry
                                • System Location Discovery: System Language Discovery
                                • System Network Configuration Discovery: Internet Connection Discovery
                                PID:4924
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2135503C-9C8F-4278-98A9-09251677B504}\MicrosoftEdge_X64_131.0.2903.112.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2135503C-9C8F-4278-98A9-09251677B504}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                2⤵
                                • Executes dropped EXE
                                PID:4976
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2135503C-9C8F-4278-98A9-09251677B504}\EDGEMITMP_670FA.tmp\setup.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2135503C-9C8F-4278-98A9-09251677B504}\EDGEMITMP_670FA.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2135503C-9C8F-4278-98A9-09251677B504}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                  3⤵
                                  • Executes dropped EXE
                                  • Drops file in Program Files directory
                                  • Drops file in Windows directory
                                  PID:3640
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2135503C-9C8F-4278-98A9-09251677B504}\EDGEMITMP_670FA.tmp\setup.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2135503C-9C8F-4278-98A9-09251677B504}\EDGEMITMP_670FA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2135503C-9C8F-4278-98A9-09251677B504}\EDGEMITMP_670FA.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff78f782918,0x7ff78f782924,0x7ff78f782930
                                    4⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:1824
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Checks system information in the registry
                                • System Location Discovery: System Language Discovery
                                • System Network Configuration Discovery: Internet Connection Discovery
                                PID:3696
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                              1⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of AdjustPrivilegeToken
                              PID:1812
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                              1⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Checks system information in the registry
                              • System Location Discovery: System Language Discovery
                              • Modifies data under HKEY_USERS
                              • Suspicious use of AdjustPrivilegeToken
                              PID:5112
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F1CC004-F6A8-40FA-AD3E-FAA559A28D88}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F1CC004-F6A8-40FA-AD3E-FAA559A28D88}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe" /update /sessionid "{66C1773D-5664-4AFC-AEFC-998370853163}"
                                2⤵
                                • Executes dropped EXE
                                • Drops file in Program Files directory
                                • System Location Discovery: System Language Discovery
                                PID:5076
                                • C:\Program Files (x86)\Microsoft\Temp\EU5324.tmp\MicrosoftEdgeUpdate.exe
                                  "C:\Program Files (x86)\Microsoft\Temp\EU5324.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{66C1773D-5664-4AFC-AEFC-998370853163}"
                                  3⤵
                                  • Event Triggered Execution: Image File Execution Options Injection
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Checks system information in the registry
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:4108
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                    4⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • System Location Discovery: System Language Discovery
                                    • Modifies registry class
                                    PID:3956
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                    4⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Modifies registry class
                                    PID:2496
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                      5⤵
                                      • Executes dropped EXE
                                      • Modifies registry class
                                      PID:564
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                      5⤵
                                      • Executes dropped EXE
                                      • Modifies registry class
                                      PID:2776
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                      5⤵
                                      • Executes dropped EXE
                                      • Modifies registry class
                                      PID:5052
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]
                                    4⤵
                                    • Executes dropped EXE
                                    • Checks system information in the registry
                                    • System Location Discovery: System Language Discovery
                                    • System Network Configuration Discovery: Internet Connection Discovery
                                    PID:3068
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Checks system information in the registry
                                • System Location Discovery: System Language Discovery
                                • System Network Configuration Discovery: Internet Connection Discovery
                                PID:4808
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                              1⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4404
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                              1⤵
                              • Executes dropped EXE
                              • Checks system information in the registry
                              • System Location Discovery: System Language Discovery
                              • Modifies data under HKEY_USERS
                              • Suspicious use of AdjustPrivilegeToken
                              PID:3568
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\MicrosoftEdge_X64_131.0.2903.112.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                2⤵
                                • Executes dropped EXE
                                PID:2748
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                  3⤵
                                  • Boot or Logon Autostart Execution: Active Setup
                                  • Executes dropped EXE
                                  • Installs/modifies Browser Helper Object
                                  • Drops file in Program Files directory
                                  • Drops file in Windows directory
                                  • Modifies Internet Explorer settings
                                  • Modifies registry class
                                  • Suspicious use of AdjustPrivilegeToken
                                  • System policy modification
                                  PID:4664
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff745bf2918,0x7ff745bf2924,0x7ff745bf2930
                                    4⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:4316
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                    4⤵
                                    • Executes dropped EXE
                                    • Drops file in System32 directory
                                    • Drops file in Windows directory
                                    • Modifies data under HKEY_USERS
                                    PID:2764
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff745bf2918,0x7ff745bf2924,0x7ff745bf2930
                                      5⤵
                                      • Executes dropped EXE
                                      PID:1032
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                    4⤵
                                    • Executes dropped EXE
                                    • Drops file in Windows directory
                                    PID:4284
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff69f1b2918,0x7ff69f1b2924,0x7ff69f1b2930
                                      5⤵
                                      • Executes dropped EXE
                                      • Drops file in Windows directory
                                      PID:896
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                                    4⤵
                                    • Executes dropped EXE
                                    • Drops file in Program Files directory
                                    • Drops file in Windows directory
                                    PID:2064
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff69f1b2918,0x7ff69f1b2924,0x7ff69f1b2930
                                      5⤵
                                      • Executes dropped EXE
                                      • Drops file in Windows directory
                                      PID:1148
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]
                                2⤵
                                • Executes dropped EXE
                                • Checks system information in the registry
                                • System Location Discovery: System Language Discovery
                                • System Network Configuration Discovery: Internet Connection Discovery
                                PID:1096

                            Network

                            MITRE ATT&CK Enterprise v15

                            Downloads

                            • C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Installer\setup.exe

                              Filesize

                              6.6MB

                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.43\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe

                              Filesize

                              1.6MB

                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5E465090-1B66-4C4D-A071-87A2EAC846AD}\EDGEMITMP_B7F35.tmp\SETUP.EX_

                              Filesize

                              2.6MB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\EdgeUpdate.dat

                              Filesize

                              12KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\MicrosoftEdgeComRegisterShellARM64.exe

                              Filesize

                              182KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\MicrosoftEdgeUpdate.exe

                              Filesize

                              201KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

                              Filesize

                              215KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\MicrosoftEdgeUpdateCore.exe

                              Filesize

                              262KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\NOTICE.TXT

                              Filesize

                              4KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdate.dll

                              Filesize

                              2.1MB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_af.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_am.dll

                              Filesize

                              24KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_ar.dll

                              Filesize

                              26KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_as.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_az.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_bg.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_bn-IN.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_bn.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_bs.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

                              Filesize

                              30KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_ca.dll

                              Filesize

                              30KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_cs.dll

                              Filesize

                              28KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_cy.dll

                              Filesize

                              28KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_da.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_de.dll

                              Filesize

                              31KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_el.dll

                              Filesize

                              31KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_en-GB.dll

                              Filesize

                              27KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_en.dll

                              Filesize

                              27KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_es-419.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_es.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_et.dll

                              Filesize

                              28KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_eu.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_fa.dll

                              Filesize

                              28KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_fi.dll

                              Filesize

                              28KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_fil.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_fr-CA.dll

                              Filesize

                              30KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_fr.dll

                              Filesize

                              30KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_ga.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_gd.dll

                              Filesize

                              30KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_gl.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_gu.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_hi.dll

                              Filesize

                              29KB

                            • C:\Program Files (x86)\Microsoft\Temp\EU27D6.tmp\msedgeupdateres_hr.dll

                              Filesize

                              29KB

                            • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                              Filesize

                              15KB

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              261B

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              10KB

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              10KB

                            • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

                              Filesize

                              1.6MB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

                              Filesize

                              3KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\CertificateRevocation\6498.2024.12.2\crl-set

                              Filesize

                              21KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad\settings.dat

                              Filesize

                              280B

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\27010119-44cb-4a6b-9f96-7095cef45b67.tmp

                              Filesize

                              6KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              48B

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              288B

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Network\Network Persistent State

                              Filesize

                              1KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Network\Network Persistent State~RFe5b44a7.TMP

                              Filesize

                              59B

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Network\SCT Auditing Pending Reports

                              Filesize

                              2B

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

                              Filesize

                              41B

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_0

                              Filesize

                              8KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_2

                              Filesize

                              8KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\GrShaderCache\data_3

                              Filesize

                              8KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

                              Filesize

                              1KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

                              Filesize

                              2KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

                              Filesize

                              3KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State

                              Filesize

                              16KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Local State~RFe5a3191.TMP

                              Filesize

                              1KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\PKIMetadata\14.0.0.2\crs.pb

                              Filesize

                              289KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\PKIMetadata\14.0.0.2\ct_config.pb

                              Filesize

                              10KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\PKIMetadata\14.0.0.2\kp_pinslist.pb

                              Filesize

                              11KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\ShaderCache\data_1

                              Filesize

                              264KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

                              Filesize

                              1.8MB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

                              Filesize

                              24KB

                            • C:\Users\Admin\AppData\Roaming\Luna.exe\EBWebView\TrustTokenKeyCommitments\2024.12.14.1\keys.json

                              Filesize

                              6KB

                            • C:\Users\Admin\Desktop\Bootstrapper\Luna\luna\Luna.dll

                              Filesize

                              1.3MB

                            • C:\Users\Admin\Desktop\Bootstrapper\Luna\luna\Luna.exe

                              Filesize

                              16.2MB

                            • C:\Users\Admin\Downloads\Bootstrapper.zip

                              Filesize

                              5.5MB

                            • C:\Users\Admin\Downloads\Bootstrapper.zip:Zone.Identifier

                              Filesize

                              26B

                            • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

                              Filesize

                              280B

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_1050444805\manifest.json

                              Filesize

                              116B

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_1210673653\manifest.fingerprint

                              Filesize

                              66B

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_1210673653\manifest.json

                              Filesize

                              76B

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_1508935192\manifest.json

                              Filesize

                              43B

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_241355769\manifest.json

                              Filesize

                              102B

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_319508819\hyph-as.hyb

                              Filesize

                              703B

                              MD5

                              8961fdd3db036dd43002659a4e4a7365

                              SHA1

                              7b2fa321d50d5417e6c8d48145e86d15b7ff8321

                              SHA256

                              c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

                              SHA512

                              531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_319508819\hyph-hi.hyb

                              Filesize

                              687B

                              MD5

                              0807cf29fc4c5d7d87c1689eb2e0baaa

                              SHA1

                              d0914fb069469d47a36d339ca70164253fccf022

                              SHA256

                              f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

                              SHA512

                              5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_319508819\hyph-nb.hyb

                              Filesize

                              141KB

                              MD5

                              677edd1a17d50f0bd11783f58725d0e7

                              SHA1

                              98fedc5862c78f3b03daed1ff9efbe5e31c205ee

                              SHA256

                              c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

                              SHA512

                              c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_319508819\manifest.json

                              Filesize

                              82B

                              MD5

                              2617c38bed67a4190fc499142b6f2867

                              SHA1

                              a37f0251cd6be0a6983d9a04193b773f86d31da1

                              SHA256

                              d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

                              SHA512

                              b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_413880353\manifest.json

                              Filesize

                              134B

                              MD5

                              58d3ca1189df439d0538a75912496bcf

                              SHA1

                              99af5b6a006a6929cc08744d1b54e3623fec2f36

                              SHA256

                              a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

                              SHA512

                              afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_443194769\manifest.json

                              Filesize

                              80B

                              MD5

                              9e72659142381870c3c7dfe447d0e58e

                              SHA1

                              ba27ed169d5af065dabde081179476beb7e11de2

                              SHA256

                              72bab493c5583527591dd6599b3c902bade214399309b0d610907e33275b8dc2

                              SHA512

                              b887eb30c09fa3c87945b83d8dbddceee286011a1582c10b5b3cc7a4731b7fa7cb3689cb61bfead385c95902cab397d0aa26bc26086d17ce414a4f40f0e16a01

                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2056_709443699\manifest.json

                              Filesize

                              114B

                              MD5

                              e6cd92ad3b3ab9cb3d325f3c4b7559aa

                              SHA1

                              0704d57b52cf55674524a5278ed4f7ba1e19ca0c

                              SHA256

                              63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

                              SHA512

                              172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8
