Resubmissions

17/01/2025, 06:29

250117-g858yavnay 10

17/01/2025, 06:06

250117-gtsdjavpel 8

17/01/2025, 06:04

250117-gs3swatrex 7

17/01/2025, 01:53

250117-cbebqsyjew 10

Analysis

  • max time kernel
    537s
  • max time network
    430s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/01/2025, 06:29

General

  • Target

    ui_0.0.18_x64-setup.exe

  • Size

    5.9MB

  • MD5

    fe3262712b0588dc4171eab5d36c4ed4

  • SHA1

    227618384173ffda1bf4ed16fd6cd780a9b2f807

  • SHA256

    37e9920fd573d58df3623bc118901a705e6a10c8dba6ae2ac995640b8d7106ea

  • SHA512

    021a0bd82833c554f3141908e238b352ee7c2f337f5b17c8f189672a924bb8610472feeeecbc6d8756c110ff5c8213d6a763d8990032e66ced563842630224d1

  • SSDEEP

    98304:x84rE89Td1HtKAv14RTvhyYdiyl4jEH+EWavAP2/KSY+mkQ+L0eF0FNdjRQLrSd0:x84rE89Td1NKvTv7UI4AeEW2KSBmk1LL

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 9 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 49 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Indicator Removal: Clear Persistence 1 TTPs 1 IoCs

    Removes IFEO.

  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

  • Checks system information in the registry 2 TTPs 22 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 2 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 25 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 14 IoCs
  • Modifies data under HKEY_USERS 41 IoCs
  • Modifies registry class 64 IoCs
  • Runs regedit.exe 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 46 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3560
      • C:\Users\Admin\AppData\Local\Temp\ui_0.0.18_x64-setup.exe
        "C:\Users\Admin\AppData\Local\Temp\ui_0.0.18_x64-setup.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3956
        • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
          C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4272
          • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
            4⤵
            • Event Triggered Execution: Image File Execution Options Injection
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks system information in the registry
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:540
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              PID:2264
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:2184
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies registry class
                PID:4744
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies registry class
                PID:1504
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies registry class
                PID:2852
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzE0NUEzQjktQzZCQy00N0JFLUExRjQtMzMxMEVGNEFBNjZBfSIgdXNlcmlkPSJ7NTUxRTFENTItNEI5Ri00ODVCLTk0REYtRjE0NDgwMjg3QzEzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5OEY0MERCMy04QzkzLTQ4MDgtOTM2Ny05OUJDNTE5QzM4NUF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODM5OTk1NTE1IiBpbnN0YWxsX3RpbWVfbXM9IjY1NyIvPjwvYXBwPjwvcmVxdWVzdD4
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Checks system information in the registry
              • System Location Discovery: System Language Discovery
              • System Network Configuration Discovery: Internet Connection Discovery
              PID:3888
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{C145A3B9-C6BC-47BE-A1F4-3310EF4AA66A}" /silent
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:392
      • C:\Users\Admin\AppData\Local\ui\ui.exe
        "C:\Users\Admin\AppData\Local\ui\ui.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4768
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=4768.984.10682540641292140589
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • Enumerates system info in registry
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1376
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.146 --initial-client-data=0x160,0x164,0x168,0x13c,0x198,0x7ffd1ff76070,0x7ffd1ff7607c,0x7ffd1ff76088
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:776
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1840,i,5950389726663791008,11258894005972507348,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1836 /prefetch:2
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1928
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1620,i,5950389726663791008,11258894005972507348,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:456
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2316,i,5950389726663791008,11258894005972507348,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:8
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1756
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3464,i,5950389726663791008,11258894005972507348,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
            4⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:540
      • C:\Users\Admin\AppData\Local\ui\ui.exe
        "C:\Users\Admin\AppData\Local\ui\ui.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious use of FindShellTrayWindow
        PID:4876
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=4876.3892.2826075269380002311
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • Enumerates system info in registry
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • System policy modification
          PID:3132
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.146 --initial-client-data=0x180,0x184,0x188,0x15c,0x1b4,0x7ffd1ff76070,0x7ffd1ff7607c,0x7ffd1ff76088
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:180
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1848,i,7506151753568370539,1233141033237544959,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1844 /prefetch:2
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2172
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1912,i,7506151753568370539,1233141033237544959,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1972
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2316,i,7506151753568370539,1233141033237544959,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:8
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4796
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.18 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3484,i,7506151753568370539,1233141033237544959,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
            4⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1948
      • C:\Users\Admin\AppData\Local\ui\uninstall.exe
        "C:\Users\Admin\AppData\Local\ui\uninstall.exe"
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1120
        • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
          "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\ui\
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:1764
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdate.exe"
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:396
        • C:\Windows\SysWOW64\wermgr.exe
          "C:\Windows\system32\wermgr.exe" "-outproc" "0" "396" "972" "876" "968" "0" "0" "0" "0" "0" "0" "0" "0"
          3⤵
          • System Location Discovery: System Language Discovery
          • Checks processor information in registry
          • Enumerates system info in registry
          PID:2668
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateSetup.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateSetup.exe"
        2⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        PID:1492
        • C:\Program Files (x86)\Microsoft\Temp\EUCF96.tmp\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\Temp\EUCF96.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4148
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3224
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping -PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtFK3hiQXo2WTZzVTEyODliUzZxbDRWUkxia2pmQlVHVE1Kc2pySHI0NGlJPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iMS4zLjE5NS40MyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjg4MjcyNjk2MCIgaW5zdGFsbF90aW1lX21zPSI2MiIvPjwvYXBwPjwvcmVxdWVzdD4
            4⤵
            • Executes dropped EXE
            • Checks system information in the registry
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:2020
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{D9815C49-64C4-455C-B36B-469CE94DE857}"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:4992
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
        2⤵
        • Executes dropped EXE
        • Modifies registry class
        PID:2492
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateOnDemand.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateOnDemand.exe"
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4732
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ondemand
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1860
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateCore.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateCore.exe"
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4080
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe"
        2⤵
        • Executes dropped EXE
        PID:2844
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff63d952918,0x7ff63d952924,0x7ff63d952930
          3⤵
          • Executes dropped EXE
          PID:468
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run
          3⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:3520
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd313046f8,0x7ffd31304708,0x7ffd31304718
            4⤵
              PID:1928
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16345974029839168812,17064486852799468789,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
              4⤵
                PID:4816
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16345974029839168812,17064486852799468789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
                4⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2064
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16345974029839168812,17064486852799468789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
                4⤵
                  PID:4556
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16345974029839168812,17064486852799468789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
                  4⤵
                    PID:2684
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16345974029839168812,17064486852799468789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
                    4⤵
                      PID:1600
                • C:\Windows\system32\taskmgr.exe
                  "C:\Windows\system32\taskmgr.exe" /4
                  2⤵
                  • Checks SCSI registry key(s)
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  PID:3988
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                  2⤵
                  • Enumerates system info in registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  PID:1336
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd22b146f8,0x7ffd22b14708,0x7ffd22b14718
                    3⤵
                      PID:4368
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,1068455264046738888,9164924413824055677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
                      3⤵
                        PID:2952
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,1068455264046738888,9164924413824055677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2492
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,1068455264046738888,9164924413824055677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
                        3⤵
                          PID:1244
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1068455264046738888,9164924413824055677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                          3⤵
                            PID:380
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1068455264046738888,9164924413824055677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                            3⤵
                              PID:3592
                          • C:\Windows\regedit.exe
                            "C:\Windows\regedit.exe"
                            2⤵
                            • Indicator Removal: Clear Persistence
                            • Event Triggered Execution: Netsh Helper DLL
                            • Runs regedit.exe
                            • Suspicious behavior: GetForegroundWindowSpam
                            PID:1908
                          • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
                            "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"
                            2⤵
                            • Executes dropped EXE
                            • System Location Discovery: System Language Discovery
                            PID:4852
                          • C:\Windows\system32\NOTEPAD.EXE
                            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\HGNBWBGW-20241007-0917.log
                            2⤵
                              PID:2632
                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                            1⤵
                            • Executes dropped EXE
                            • Loads dropped DLL
                            • Checks system information in the registry
                            • System Location Discovery: System Language Discovery
                            • Modifies data under HKEY_USERS
                            • Suspicious use of WriteProcessMemory
                            PID:4296
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [Base64-encoded request payload]
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Checks system information in the registry
                              • System Location Discovery: System Language Discovery
                              • System Network Configuration Discovery: Internet Connection Discovery
                              PID:3644
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A8FCFD45-FB21-445B-9536-CB78DEB28E27}\MicrosoftEdge_X64_131.0.2903.146.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A8FCFD45-FB21-445B-9536-CB78DEB28E27}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                              2⤵
                              • Executes dropped EXE
                              • Suspicious use of WriteProcessMemory
                              PID:4872
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A8FCFD45-FB21-445B-9536-CB78DEB28E27}\EDGEMITMP_5D3D8.tmp\setup.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A8FCFD45-FB21-445B-9536-CB78DEB28E27}\EDGEMITMP_5D3D8.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A8FCFD45-FB21-445B-9536-CB78DEB28E27}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                3⤵
                                • Checks computer location settings
                                • Executes dropped EXE
                                • Drops file in Program Files directory
                                • Suspicious use of WriteProcessMemory
                                PID:756
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A8FCFD45-FB21-445B-9536-CB78DEB28E27}\EDGEMITMP_5D3D8.tmp\setup.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A8FCFD45-FB21-445B-9536-CB78DEB28E27}\EDGEMITMP_5D3D8.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A8FCFD45-FB21-445B-9536-CB78DEB28E27}\EDGEMITMP_5D3D8.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7b75b2918,0x7ff7b75b2924,0x7ff7b75b2930
                                  4⤵
                                  • Executes dropped EXE
                                  PID:3368
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [Base64-encoded request payload]
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Checks system information in the registry
                              • System Location Discovery: System Language Discovery
                              • System Network Configuration Discovery: Internet Connection Discovery
                              PID:856
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:4968
                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                              1⤵
                              • Executes dropped EXE
                              • Checks system information in the registry
                              • System Location Discovery: System Language Discovery
                              PID:1484
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\MicrosoftEdge_X64_131.0.2903.146.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                2⤵
                                • Executes dropped EXE
                                PID:3112
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\MicrosoftEdge_X64_131.0.2903.146.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                  3⤵
                                  • Checks computer location settings
                                  • Executes dropped EXE
                                  • Drops file in Program Files directory
                                  PID:4136
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.265 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.146 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff63d952918,0x7ff63d952924,0x7ff63d952930
                                    4⤵
                                    • Executes dropped EXE
                                    • Drops file in Program Files directory
                                    PID:4668
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [Base64-encoded request payload]
                                2⤵
                                • Executes dropped EXE
                                • Checks system information in the registry
                                • System Location Discovery: System Language Discovery
                                • System Network Configuration Discovery: Internet Connection Discovery
                                PID:3576
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4068
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:5112
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2360
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4872
                                    • C:\Windows\system32\OpenWith.exe
                                      C:\Windows\system32\OpenWith.exe -Embedding
                                      1⤵
                                      • Suspicious behavior: GetForegroundWindowSpam
                                      • Suspicious use of SetWindowsHookEx
                                      PID:1480
                                      • C:\Windows\system32\NOTEPAD.EXE
                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Cryptomining
                                        2⤵
                                          PID:628

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Downloads

                                      • C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.146\Installer\setup.exe

                                        Filesize

                                        6.6MB

                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E16B3E5A-79D0-4F51-87B1-9E0C2E1BFDC4}\EDGEMITMP_25450.tmp\SETUP.EX_

                                        Filesize

                                        2.6MB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\EdgeUpdate.dat

                                        Filesize

                                        12KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\MicrosoftEdgeComRegisterShellARM64.exe

                                        Filesize

                                        182KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\MicrosoftEdgeUpdate.exe

                                        Filesize

                                        201KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

                                        Filesize

                                        215KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\MicrosoftEdgeUpdateCore.exe

                                        Filesize

                                        262KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\NOTICE.TXT

                                        Filesize

                                        4KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdate.dll

                                        Filesize

                                        2.1MB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_af.dll

                                        Filesize

                                        29KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_am.dll

                                        Filesize

                                        24KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_ar.dll

                                        Filesize

                                        26KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_as.dll

                                        Filesize

                                        29KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_az.dll

                                        Filesize

                                        29KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_bg.dll

                                        Filesize

                                        29KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_bn-IN.dll

                                        Filesize

                                        29KB

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_bn.dll

                                        Filesize

                                        29KB

                                        MD5

                                        abc20df0545611a835dcd895d2832cca

                                        SHA1

                                        39e90363156c461e5aef64a714ba43cc61617ee5

                                        SHA256

                                        75d8c2e259b4d113c0967615af61e8f54eafb49c498767291627faae9fcf504b

                                        SHA512

                                        732f31d175f08c5c69b9cf540e2b0e72b8986b44d1ebfdf0e56eb56b68bea64e6446932a546f1fc30dbbbad4ccaf6bc935177a6348c5280ef786d6d8dfa7b325

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_bs.dll

                                        Filesize

                                        29KB

                                        MD5

                                        327e92c7a55ec996ce09dfcf8c89e753

                                        SHA1

                                        2a51c99519257ddebf0d8280d46e0c0fd416e7a5

                                        SHA256

                                        2b61608a7aca43b7ea4374b79acc6e15deb382eef0fa8751c8e57e03e061cab0

                                        SHA512

                                        ac3ca0f66b899759f0d23ba64ff291486edb1e1d3bb626ad3efe3e3a6fd2aa4081411546e4849ff1645dcd26161f35defbd8442278e6d6f66311780c60474296

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

                                        Filesize

                                        30KB

                                        MD5

                                        e0d2675c6de1b8d4e5e463246529a304

                                        SHA1

                                        132dace535b9cdc7a4e5f6137407d5becb23c4c6

                                        SHA256

                                        4af082aa0193b9b15622eba1f6165d0b6032b4dab17ba16a8a9affb267ebec34

                                        SHA512

                                        afafc1ca5abc636066ee98a6c68356d68f506fe3734a4b3e68073eed1f2ddc51840464e91d3cd3b28648fcc26b9457ef6484100f9543739220ad75a9eecb1e90

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_ca.dll

                                        Filesize

                                        30KB

                                        MD5

                                        bfac1c3869df5375aedb24458cf321b7

                                        SHA1

                                        848232c155c7dca65f6cb22d27a72f2c78e964d8

                                        SHA256

                                        a9f5cf25b9512e1d30ecb769a5eeb694888b72b7f05b78c417814802c5aedbd7

                                        SHA512

                                        732270e8e8036f8ec59c214ca3804c6c67420bcf5fd633347c764f90b06b25fd73a0c7aa75ec42461ae3d3570fbfec5c5a7eee10e8d494b805b7c7e0d4aa227e

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_cs.dll

                                        Filesize

                                        28KB

                                        MD5

                                        c5681c3b4a8145d3b6cbf51e3f0b12fb

                                        SHA1

                                        908a0546ce091906aa5e7728660b838bf1e619e4

                                        SHA256

                                        2b47a6c19ec492149eca6afb03ca82ac1418a727f35cb641bce9f22136dd3459

                                        SHA512

                                        06c850119b5199bfcec41abe2b5e6929e0a960b69337c6048e0dbdd37ca56401885785de96cec235093a4d6536d9de55178a4c739a6ebd5e34514e12635b6d31

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_cy.dll

                                        Filesize

                                        28KB

                                        MD5

                                        3206ad1fbe5c53d278607da7767b1996

                                        SHA1

                                        6964da8787c299e71f8428b22ed8ff6909912034

                                        SHA256

                                        9ea2727ca92f74c7c35ea22287f13ef262241a905567b908e2860f19e044a848

                                        SHA512

                                        38281ab3590a2e6210d1d9c0d1f5a4a3ef19772065f87d94570bb448fb83ea0579aa8bac9e94b05ba2b6bb2bb882f1be6d45c921c52ca2f0608056512fb3338c

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_da.dll

                                        Filesize

                                        29KB

                                        MD5

                                        7f0ce1bf90bc88d5fb4d32d359063868

                                        SHA1

                                        59d8ba8397c325ed7b2dcd6a262906795549af6c

                                        SHA256

                                        1147a2cac674209b9087f7c81c09000a2177bb7d42d0d518e3c93d8a9ee2d7fb

                                        SHA512

                                        5cd723cad43388c7e2db4452caa20c07e73a676c82bfaca27a293ab70acdbb115fd82c7a65dee3e6c6d8969c4b99e90ce832760b6f7ab47e9a4f631ce53813d7

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_de.dll

                                        Filesize

                                        31KB

                                        MD5

                                        d9eb30f1811161a6903901f1ff316ebd

                                        SHA1

                                        7ce5e34af30e821a0bbb7074da57636c1be15d6f

                                        SHA256

                                        73b4fab09f7f224b2527dffdb617b7f852c78eca8989d493ba2fa2201b1becf3

                                        SHA512

                                        9d2e2a44fd027c30836254de1ec99fdff4bad2d3488f25d88a9f80f5f994dd5c660903dd3586dca85fa9e1a269ac8c51b5a060156fa65dc1df0d8137bf878c82

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_el.dll

                                        Filesize

                                        31KB

                                        MD5

                                        85dadb4cac0d76fd821346c411d5c3d0

                                        SHA1

                                        999dc0bd7250f71465f5098dde263a7a82ba7b3c

                                        SHA256

                                        1392f864c486e4b4b6859d900b12182f5ad5ec90e183808ab7ed0049aedd807d

                                        SHA512

                                        649833bf473139db879c2c7218567c49ad6436e3af1efdc7d9e9d48b8d3347e2bfacd6140a59d7973fa9df9cc9cab0e042bdaa7dbf32846bdf6b812b7ecaef07

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_en-GB.dll

                                        Filesize

                                        27KB

                                        MD5

                                        5d4f7ab307f71d761a7f0e193f4b2ca1

                                        SHA1

                                        a3580268a98ad5242c7c56fa759f39276b6149de

                                        SHA256

                                        e2f0a11b5269b08261397e2ba8e2a5e44d5bf2e042a1cb91ad395d7c274b44d8

                                        SHA512

                                        307c489db833e4f2c74ab5201909ad2c53c691e0409f5abc29540a84d1c5ae146a072fecaa0ac886c83e4521fecc58ae5b0ff4331f3b37f39114d1fdea731021

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_en.dll

                                        Filesize

                                        27KB

                                        MD5

                                        cfb71031c56d9e8b9490d01fbe86302c

                                        SHA1

                                        9e11ecf5efc88e0beee1db46620bebc73f86dd21

                                        SHA256

                                        b18e14d0e24546193822b83996c5b311500ca213beb4d497cbd1dda9dac9db2f

                                        SHA512

                                        9cf993ea53673e416eead78d45a6d700b74001b69b1b987d479e77348ea8dc151f4ba6d6b1220db21ce792f9da51b9c83f33663621f9350b848a766ceae92370

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_es-419.dll

                                        Filesize

                                        29KB

                                        MD5

                                        b25a10d8b739ac2eac10b7b7fc7a61d5

                                        SHA1

                                        ec993d8113e4c0a4a1b36920a8991521e4f7eb57

                                        SHA256

                                        cad0cef66ad1097dc11e6396d0a0fb11ec1734acfde15e9eae402ba0d068615f

                                        SHA512

                                        315971e819d2c3dc5fc30ffe2275c3608125f1e4f14dbeb39aa0fd014291dec0c5efb3e02628bf345c92ea0faaa38e30d4ed5c3793995afff9cb9c933f234513

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_es.dll

                                        Filesize

                                        29KB

                                        MD5

                                        6c3d219e2169f5566a8bed031b21bdc4

                                        SHA1

                                        073a61c02b87e37e87fd3c8e609a56828ec49a47

                                        SHA256

                                        3a841555813f21928fdd45003a3f694a87074869b001b3e063eb97ad35d8fe17

                                        SHA512

                                        2b57d8325ada86a1ea01df0c7d0122875450f913bc8c21d8a7dd44ac7037a170e2f4fc92c13c58980aa9371a7bdfdfee34b9e188e16ad0b89181f7f901467152

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_et.dll

                                        Filesize

                                        28KB

                                        MD5

                                        27d45a84e2b94a60d5a821597fdad6dc

                                        SHA1

                                        2125fe5fbaa2db280a859ef3a7d27ba21efec036

                                        SHA256

                                        65f3cd75a7121dc3d417a9c3180bb52b485b5e7d0ac3b483fa355d13515f970a

                                        SHA512

                                        eddccfeee69b7a53adf32e72724ec8ba1668d1927322ce61429a4c663cf3d17e3f6f59fe1930b96f78faa70d30edfd7845ba53cc161f06a4e67ad43d11cd576e

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_eu.dll

                                        Filesize

                                        29KB

                                        MD5

                                        d8323f3db20d104441f548decfd022ba

                                        SHA1

                                        de7f58b9ee7cbcad73433a17ff55385fd7e91035

                                        SHA256

                                        d07d8eb066e953af02a6e3a160232a73c1b66bb54d93d6b2ebc1557d1d322358

                                        SHA512

                                        7de3a803131086c3368d4acada0b6a29ef4ed4102a151eb000056c233da4853c97e394c98d6fd856714758ee17a0cc4c3df061a1b5d2b2b3e3bf95447bb729a5

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_fa.dll

                                        Filesize

                                        28KB

                                        MD5

                                        6ba182cbb744541288629a2464ba99e6

                                        SHA1

                                        366751e425128654514dc82112238a7d6f4c9908

                                        SHA256

                                        cca362dd297b8d8e20893cf4da8cf9efc9848f97a04a9d69cabff67ae947607d

                                        SHA512

                                        ab3da91d7ab7150100b580d7b25a5fe9cea67affb1c4ac9e479b70e2d17ebb14a0745bf62ffb3792b8ce4cbea130cbd0012053a5dba7930252e2c09b763ea658

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_fi.dll

                                        Filesize

                                        28KB

                                        MD5

                                        e7a774a7b404ab800efbdf7ea52e7ead

                                        SHA1

                                        3f0476821281614b9ee32faa5c534de5f6dc21f9

                                        SHA256

                                        1e1f09beed91a6a84535a1cf2b4df5e416cbbf785546f798d736009e31f95691

                                        SHA512

                                        85091f8bf809e88e248f4a899682f15586a083d1bb94cb5674da0e463716fa927ebef578519b653ac4ced381f98c4cf7a409c1ed52927dcf7fce4813008ce900

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_fil.dll

                                        Filesize

                                        29KB

                                        MD5

                                        1223e486deb013055cb0b7729681b9ed

                                        SHA1

                                        b5b43fa89f066a9b6ceb47389c05b69ea6a784ba

                                        SHA256

                                        fae283a78757cdc548c728a38cb041db4ffe538c5ee7d2aa2f55e3469f95fa25

                                        SHA512

                                        8862d2f4778bfd0659dcf9dfb992072767af30dea46b34d626580ab8183a765d0c0f95a7070f0aa36e694d9e559f843672000aeaa4d8abdca60ff83da5a2b857

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_fr-CA.dll

                                        Filesize

                                        30KB

                                        MD5

                                        9fea64a22d045d8edc38a9b8480a9c12

                                        SHA1

                                        e3342e26166a43a21729b8aadeca653c03dc0528

                                        SHA256

                                        2f324851f0ccd101884b78fe1eb07c2da2932a68015eb8cfb4c801e288c8771b

                                        SHA512

                                        a3601640cf961c88efa476125a71786a109d23355922eda45b5be8824ccce650d703546c5c8c281308dce208edabbeea5cbc3b44ed678d9d36970c4e5f236c0f

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_fr.dll

                                        Filesize

                                        30KB

                                        MD5

                                        498dddf273f0f2973b1c4581e820f10c

                                        SHA1

                                        aa048015a3ed6ebf9b4848a9cc54beb5e39eedd7

                                        SHA256

                                        9ec8cec72404794a2b2a738502c7f531d976d8c99a57d2b5d2f0f2e818e35e04

                                        SHA512

                                        3596b20469daece28496a13b02ae0c1cd9265fc0046e1fffc384b8a16a4869402831386679c3e9cdfe03903df0b191d2fdc04cc531104c9c0d84bef24eb4d60e

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_ga.dll

                                        Filesize

                                        29KB

                                        MD5

                                        81d35302b31bef2a99e154eb64abbaa0

                                        SHA1

                                        ea72f2aa526ea299d5515921fa0ac8f502ce3cde

                                        SHA256

                                        0133af05b669f957174a22b0b568a17a9bef1e387f52ae157766fae42d4e647d

                                        SHA512

                                        4d1df9684e7247ec0d8fbfdcfdb6ac5b2811de649c5b7ee4a20e5733307cdf5855ff767ebcb12ba15b33be58d82bacf9a02522126d927304e11f8e64261b46bc

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_gd.dll

                                        Filesize

                                        30KB

                                        MD5

                                        2e88f4aec46a293b3ec9bca2d7d2fe73

                                        SHA1

                                        ba34b9635832b2704942d7cd8578c8d70f0ffd2e

                                        SHA256

                                        f7278ba46204bfa387eff0e72fb2a8dd32ccea154fb268a8c39b03ad5334cf38

                                        SHA512

                                        b7f655cdaa3a34a8e0e00186cc49986cf283785a133af87ae47c3a3614f0d15d5b51b4091ff33bd0fc445815665edd37d378a9665d3831d2281b0bf6cc933c87

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_gl.dll

                                        Filesize

                                        29KB

                                        MD5

                                        2dcb17e8da6ed1a62a53029940592cbc

                                        SHA1

                                        b12941091cd1a554cd23d38dffbf75ec8ff57848

                                        SHA256

                                        a6770040c2f93ffc5c542dcdb1e7ea529d6036920957a9709153d80d360b178d

                                        SHA512

                                        0c82b39c7128d81739f64346948784c60d2cc409b637d5ca79825ef12766c10861ac3c119a5f232b12f52e50d3ba6818532968c75fbf455e75bd3be83c931f10

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_gu.dll

                                        Filesize

                                        29KB

                                        MD5

                                        571b69e1a8f9cac5eca53ba624aae924

                                        SHA1

                                        89798cdf858a4ee42ab4ffc01055c0463b6c4c0a

                                        SHA256

                                        37e67d7511d261ba1e022c9019d1b223d6d092260f97b471fbe2259ac5af6d3b

                                        SHA512

                                        961834f77c2683332b7a650360c09fb08e7efedf4249e48662b9a4fb9534bdba687eb9320da1a3aafe6a9c30d624c4bb94b55e1bf086a970354df61f2065e181

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_hi.dll

                                        Filesize

                                        29KB

                                        MD5

                                        4e8b170283c3f3d182eca7ce97e71a08

                                        SHA1

                                        93d86d961014b12c1a376effb3c568318db1ecc6

                                        SHA256

                                        0eb7739ad2863ccc13fa5cdb805189634728a7613918cd54bfe53a06d9c26cf9

                                        SHA512

                                        76a384ede88986c03e659c61e5409446bb472fa50c2e2e6f6e907f74e675ef0c5e932d950733ee6dc0c167881bc948d7ba9771bb77f31db3fb540277afb829fc

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_hr.dll

                                        Filesize

                                        29KB

                                        MD5

                                        54df61c0431c61851d8b61427f2cd68e

                                        SHA1

                                        84c99b724a2a5f321fd161d3beceb894e377a121

                                        SHA256

                                        6e96de38195de0095c6ab16696ccde2577a65e8c23d07f31e9f3c9f52d76c7ab

                                        SHA512

                                        46bea4f17fb327bce8bc6cb5329b7086a772a6eae07a8f2f34309a42acbb9f3dadd675d9c8d9f9e72c85149b48419fb5807acebbcee5bee150c754f94e98d7c4

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_hu.dll

                                        Filesize

                                        29KB

                                        MD5

                                        6b201af2eae546c9b638e38cabd9676d

                                        SHA1

                                        626b2029d573f371dbeb7b7878779383adc6253d

                                        SHA256

                                        c849d765c73a969ac10acff6195edd9339054b93a15152e5d1eb1fd1b5017b06

                                        SHA512

                                        1c35c169cf16a37a5537d0911af7da64ce9a0f999e76464f3410ebb224b9e65bc71deaa253e549b196c52409127b55cbb2e4a39bf9731b3ee76dae560b74fc2c

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_id.dll

                                        Filesize

                                        28KB

                                        MD5

                                        17162657113e9d8d7c1763bfc0ec991d

                                        SHA1

                                        f2507d9d1516bbcfbe408186894474c592f141a3

                                        SHA256

                                        60d759405a83ec4bb64144ed61b0e9a704bfb3b74e8f956277df71a38b19fc9e

                                        SHA512

                                        450e90b4c8ee384994cd6f56677dcacff258eb12442af3fea3a977d7d00b943a1b1f6b12769d4a02aeadc4f4c3b82a06cf8a667ce6691ace5d479d1261a1a629

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_is.dll

                                        Filesize

                                        28KB

                                        MD5

                                        625060f019c3bb8f1d49a9b128e1e4e6

                                        SHA1

                                        0e22bd7e23fed0e856a09bfaf5ee105a3dd27edd

                                        SHA256

                                        6117fb49f06f4d8e7268de9e41862a940fd36600e23f670f3c77ec0adb27257b

                                        SHA512

                                        962910c5a438b0289eea0402a262b8b7920255a1dabafdcc477cbebcc36a1c31b69784947c794bf720e16c0798cd958616a763e67c42327a94f7e66daa63a07c

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_it.dll

                                        Filesize

                                        30KB

                                        MD5

                                        258b52e60a1e353b6117917154c7b24d

                                        SHA1

                                        c109ef8d1382991b02fe953679bf3fed063e9e82

                                        SHA256

                                        2362d8f1e8f2c92e43659d73052f2a43dabf95121f852d6d04471710f2c7109c

                                        SHA512

                                        fdaf605922e728f87d7d916f75a83f78f4549dbb35f9d2e7717d369cd658075655a1b903e705b5cb609880033c080e4b3135902fcaba7a8a96c2904f05d53164

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_iw.dll

                                        Filesize

                                        25KB

                                        MD5

                                        973e14a5557248bdc2cd3a5fa3540a77

                                        SHA1

                                        66818135e202fc53711053ceba04ecc8b9b28506

                                        SHA256

                                        0af05d8af74609c9436ed0dcd3df52f7ef3dea8b786c85376c57c0cf128b3045

                                        SHA512

                                        e8c271f52fee4f249c27c4c344b5ecbab796227aabeb36b0b7a7d82d5463bcaa707b1f8ea47b863f2d87b35fe9b361ae2e2b7d1c16a4eed0ce0d530e1e34b26a

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_ja.dll

                                        Filesize

                                        24KB

                                        MD5

                                        dd5aa26cf2d67f50540da8e552f792a7

                                        SHA1

                                        0b14b06a2beb63fde2c1bc86c49a5117287de2c7

                                        SHA256

                                        b11af70867ab588c412cb5d5cc36ec888e74a50f508eb31a28db559aa00f8a35

                                        SHA512

                                        9bc1d7965a66ddbe7dc3fefbf2eb445a0857f83a28b2b3e120de80b03b51e87e6acd20569f2b002bb7adc41cbfe147572306094d83c8ffceb44f7a8417d89e0b

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_ka.dll

                                        Filesize

                                        29KB

                                        MD5

                                        3cba4b52b099039d2fbed395a3bc7568

                                        SHA1

                                        1a5204510d2c02d02ce361c7a3295498a60efabe

                                        SHA256

                                        79d4684d4d365b2c89f16fa0522f66031a1037cb4ad2a33050ed97a1df825990

                                        SHA512

                                        6ea41e61e4fa8cbd73e693db860a84bb4c6389b0aa5aace965a9567f6c16ae23fd51c018c6d96a1c08500a3cfe6327cc4c9ca9aa6bf9ad0b2f0d0c71e8922e05

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_kk.dll

                                        Filesize

                                        28KB

                                        MD5

                                        6543ba7290488f5e3f68675a598255fb

                                        SHA1

                                        7359895f909776c5f14f6e5ed0fa11cd50853cd5

                                        SHA256

                                        df016969fc3ae57abbe8fa9f811364cd84612af0e819284b4d1acce981f6c21e

                                        SHA512

                                        90f376c59d67d89bcd646895209c0fca92866f9866e1cee7a51745077ad05f730cea2624837baf1e5ba92365ff46955ece98938849b87ed7f89a92897949d0f1

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_km.dll

                                        Filesize

                                        27KB

                                        MD5

                                        4d101ce3ce6be285845e8f8bae548097

                                        SHA1

                                        195f314bcbee9cc373136334b5089e855e71286c

                                        SHA256

                                        3f11a2020839f5993e6e3cb9b5e7c5c659753cfa49257d3ebc015da6a8ead94a

                                        SHA512

                                        c31214e9aacfe7056be1f7ca6399270e644acef060d208d805b59bc6635772592ae166b06d038e2eb74218c451ef0fdbb09dc7e2ef6d23b751cbd6ae935cdf6d

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_kn.dll

                                        Filesize

                                        29KB

                                        MD5

                                        cd6084bee91407a5bb932cad81ca0636

                                        SHA1

                                        c9e56e6d15b413a8061ba38d05ff402b30688684

                                        SHA256

                                        01551c5de82d4d9b262735ecdc39fd6c4ea5a94acb9cb1dc4cea0e3bcfe7ee9f

                                        SHA512

                                        4d1cfa478050c87ff0c7d0b17ab7c23fc6bc400214b121bc86fc217b7b8b764c8109bdb15a3790822295556a7d8706aaeb8ff642b24d2fbd582b2ede61a76a7f

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_ko.dll

                                        Filesize

                                        23KB

                                        MD5

                                        e73046fc5427ed78ca02c7f50136efdc

                                        SHA1

                                        df58d20768edc25637ad8fa38f71d25a86633725

                                        SHA256

                                        49e0f43057c404a4ff5a2bc306f70c3728412b887e07870cdfd1f6eb3836ee88

                                        SHA512

                                        fce94d5a6b8f99a5af8f30314a0a7a5a3a557fefc630b907e5266c9f397bf6dd1a8211fa9d6535f75a0db7016ae20a3b295c4780383516d7a234225b798be584

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_kok.dll

                                        Filesize

                                        28KB

                                        MD5

                                        735d775e6772b5072227a3efc91d6f5d

                                        SHA1

                                        b302aecc725b87d3b0402be8d5b30c35084f2d81

                                        SHA256

                                        11c257e800ef3021c2d6147999f5192b28e48a0ff9d486be5e47c181744c15a1

                                        SHA512

                                        8dcd0e07b90ceb6d6f39af9077bd85eba46506791491eda63b05471a7f984c2d1b67cc1335f788682ade2124b32e8b5b436bf717f6b5e2de8276dddbdab3fd34

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_lb.dll

                                        Filesize

                                        30KB

                                        MD5

                                        8fc766f256ccd06f09106c10f9a20edb

                                        SHA1

                                        867c9da84a0e61a8b4787bd3618ed25aea80360b

                                        SHA256

                                        7cec1855457e12c2adcdc3790856f775fcac27bc4911258937f8b08ef0a0d1f8

                                        SHA512

                                        4f545d4914ab62743d2a0c6a461c03597d38b6a8ceff85b154629d2676f41b9cde7efe2e8131d2749321e56e7ac7d90e4f958917a989170bf505840bfba059d9

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_lo.dll

                                        Filesize

                                        27KB

                                        MD5

                                        f59fdfea8b8be13fbf3ee855f0f840fc

                                        SHA1

                                        32743d1ccc6702bdcb8e4e1320c60ce3ae0c3a36

                                        SHA256

                                        ca296d434902c4146ad1828ab96679d937d8edb85adf0184de00732d86e49d08

                                        SHA512

                                        fbf31397247f434d67f1f02751a12ecce46253e43218dff701c86ef3990d8ec8cbe50dc94b32810ec665e42246277ca14846ecc77350d0fb4a706b5d03c1484c

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_lt.dll

                                        Filesize

                                        28KB

                                        MD5

                                        f4bb4677d5baafb96c2489db597ef7ef

                                        SHA1

                                        ddb9566fa8f2206df5b2a6e71870b08a4ef3e418

                                        SHA256

                                        2a0e85a66fa811b55b5fda8dbb45b5db4ea01a32cfc927e22809ad5f3c8bebfd

                                        SHA512

                                        4beb5fa5ff8643622bb6c971a84f0af33328a98fc6caebc44f02d243c3aa5fb30f390dc65921fc1aabe7099b94a8c4e748c82543670053ff6d20a3c0a15a513c

                                      • C:\Program Files (x86)\Microsoft\Temp\EUAC9B.tmp\msedgeupdateres_lv.dll

                                        Filesize

                                        29KB

                                        MD5

                                        f4d4b8ca1664b954595d872cd6ccccd7

                                        SHA1

                                        288231017312ede121141f94ba89051fb6f3c3f1

                                        SHA256

                                        ec7072699b9c3954d0eae183312d4041299a1f2cdccde2ed8de3fe96837745ed

                                        SHA512

                                        b1474c0c4e87f499d8f1b3a83b8b001c72a48656781e8c3df87cd0a5eb2a6d9fec5abdf56922eac3fade2df232322e804f315874d983fa256941d4e03ecb93d8

                                      • C:\Program Files\MsEdgeCrashpad\settings.dat

                                        Filesize

                                        280B

                                        MD5

                                        5dbc00eb74b0ade3a8facaa326ca0e69

                                        SHA1

                                        61603fc62b3a34f8a8af88cfc9c34776ea350cc7

                                        SHA256

                                        b01561972d55fe37304e9d7be5f8ff95d2d94319610f253badd3f84dbdfd8125

                                        SHA512

                                        ddaa15278bf6d6ffeff4fe42a5a77a20aae9b891198fc429e4f6741d185e312876036f057e47fa38f3ef95f79ac3be4332ec0fac4726f202d83cfb8d1f70546b

                                      • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                        Filesize

                                        96KB

                                        MD5

                                        ba45e13810fa2dc2ecaf8049337a9541

                                        SHA1

                                        ebd30f09340977358b46400aef6db1a13464280c

                                        SHA256

                                        b4cd4287ab8c9cbad77b1824f55619cac8cb51061bdab94a7afd95700366a198

                                        SHA512

                                        cad37f45e8b029d79b18a8145605841c610c31c7838a8cf300d676da44acb11b50ccd99ca4f95b0b9bf60a21b9058cbf53938a3e704c989dcf29b21bcb503554

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        280B

                                        MD5

                                        874f2be09960b78a5becb4aafc1255c7

                                        SHA1

                                        1229af60a6fd2490fb9ed38c64473738c4986e01

                                        SHA256

                                        88988ea910e07a7d8fa31573d6d87d8b6edf17a2ed5e8f70c00e1b0fb9a8b4c9

                                        SHA512

                                        07b3545270d7344f1fb4aeddd857e821df7f10be92577ef90cc78436b5901d703e31ebbd8b55cfa55444812061293467847fd70f822882749ad9fae764393a1a

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        c111ce5e8b4d77a1dd292cc280ac31d7

                                        SHA1

                                        942e675d8c216034b83ea5aeca83ec31e863fd6f

                                        SHA256

                                        cc10cd3417932c797507c8492635c30b86fe53c1e06233c8b5caf144aa1074f4

                                        SHA512

                                        0306db06878e5cf161d12158df7e9074d1f9a6d915555528cf2a70974f65eb62c49069c142ecefb2f07991896d551f1e38e94798ea5306478b1883a2a9973b9a

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        041d163bbf3cfbc35f7fb9c76ed6e13c

                                        SHA1

                                        3903961facb14778ef061cda7e2e995a7a968315

                                        SHA256

                                        9a12e734a817692213b9b94ffe5cb65d7acd8f9c79b04586fe0f32e030fc58db

                                        SHA512

                                        435cbbb35ace3932f83845459b209db247eec8f21734d91c3e1e81975b467aad94d67469bef8d9d9ef21ece644522c850ce411fb25e216ca0a4d6a6a8446a688

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        0af0d1396aa55bfcae590f15af2240c9

                                        SHA1

                                        b780dc28fb1d63a292b4b77051693038d0a388a8

                                        SHA256

                                        1d504a7d8e173284dde117ab65fe7d157d1526886a8d53c21076c9bae6620543

                                        SHA512

                                        0113dac87902e3ae1171a4f9e84c62a8fc2b51d31e0edbc62a8455c34e871e34b2646f6100f8178b1628bb80bb6126f8776847107066497ae5952da015439e72

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        1fd1b75684f48e8ae0e38b8385cb9457

                                        SHA1

                                        117c49e6ca644db7f53bd684c4d97bfa9ecb8425

                                        SHA256

                                        8d337eaf12a411de11d5fe177a74148ae68ddb69e3777b5adfff88cac6076fe5

                                        SHA512

                                        b111c3f47618d7e0049fcb7df1d062461fdc7b11b4e325bbe4271c011ccd148ed5dea7280625b6561416ae24fc3160776083d78e250af0f7c88463da09c85da1

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        5KB

                                        MD5

                                        8f84920df695d405089d5c9a5888644b

                                        SHA1

                                        63558a4f3d0878abb9e40fdd417a741a6375ada6

                                        SHA256

                                        82f71e1f0930124d85bf16669160e06fb87b853c4be5a589544801bdc76a2686

                                        SHA512

                                        f814483a7c1206539ed246a51638962a5b9726e6e3853e0a43bfda8ab653e6ad9873d71f8ca7921048a21b4e386560f140fd2f5066aa69ab1af0f669af7fca10

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        05540fd276896804ff3935b2e39e9c46

                                        SHA1

                                        891c4b2e0e0440ebab51d729cd619dae07c18d3b

                                        SHA256

                                        ec89fe338dcb4d3435b16fc9fc0c1df6cb6637afffb3133c7ce0ea32d7e548c1

                                        SHA512

                                        d4433557ce571c61d7c21ebbd450a102a4ff268aa4ebac0c18066bc50679c3e62840eae54deab7b2f3f7d4d01f3728de5881d069149631fc67f90fb0ff9e717c

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        d7e5fcf10a844ccb9ef9e5c4ef8ee14a

                                        SHA1

                                        b6cfaed45587d1e719c208cdab49ef1633fbc9e1

                                        SHA256

                                        b96545d4c6f63fb5dcc245339e8ee95ecf1f2c61d532c253d130d4ce4d5ff82c

                                        SHA512

                                        56f7a838276f0a9bdf7753bc5be673c817b4a9a591aa1bcbded308cff62b01b83c852fcba2122655e72fba6d47eff14af2858afe285036d82aadede21e19cb5c

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        8b50f1d774ce77867dc38d9cc88544c8

                                        SHA1

                                        e13f1d9d97c3fb16b9f4a5edba725a296ba37991

                                        SHA256

                                        82452fd85f4f02cb8b6e5ed7ac51104023b8f475ac2373ac3efe56cdaf9aae32

                                        SHA512

                                        610bc1943f36a48e0a55949442acacca3d7f3eb48c561784126c87881a8e6617d6cdc52c0c63a8fab86d5a33ad9b6b0fd487231b7933c7e10600489f9763cfea

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        8KB

                                        MD5

                                        e6dcfd0177dfaf3cec93065e368cd0fb

                                        SHA1

                                        a2108c167038c1e053e62980ae2c95d96f8479bd

                                        SHA256

                                        9a9d23a3eb3ae4f10fdea97c73384203d57020f5fefbb1bb28ad40a9864039db

                                        SHA512

                                        87160e9a36716054e2774175d30aa4f88b610ed3797bfcf17a9fd548ee00751ce0fa9fb1f30c2c722caf80931abdcc23a3c3df10601b9ecd0c21c00215d954bb

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        10KB

                                        MD5

                                        f6cb6db91b7259c79a831ed1aa68bc16

                                        SHA1

                                        bae2a0bba734f2b12a526e54f9128b4efa511996

                                        SHA256

                                        2d646219dd12b84ec2f3f053e12e02ba5ac678f9855b3f6d36f0bd4761556515

                                        SHA512

                                        f39ca67ce6dfaa8493bf7c3acc66380046e46e7917dde70db4cc24cb74f83c099db4a0dac1a7adfe03d36812f577d175e4740882efb08aed9db8f8525f1a950e

                                      • C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

                                        Filesize

                                        1.6MB

                                        MD5

                                        b49d269a231bcf719d6de10f6dcf0692

                                        SHA1

                                        5de6eb9c7091df08529692650224d89cae8695c3

                                        SHA256

                                        bde514014b95c447301d9060a221efb439c3c1f5db53415f080d4419db75b27e

                                        SHA512

                                        8f7c76f9c8f422e80ade13ed60f9d1fabd66fef447018a19f0398f4501c0ecc9cc2c9af3cc4f55d56df8c460a755d70699634c96093885780fc2114449784b5f

                                      • C:\Users\Admin\AppData\Local\Temp\nss9906.tmp\NSISdl.dll

                                        Filesize

                                        15KB

                                        MD5

                                        ee68463fed225c5c98d800bdbd205598

                                        SHA1

                                        306364af624de3028e2078c4d8c234fa497bd723

                                        SHA256

                                        419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04

                                        SHA512

                                        b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107

                                      • C:\Users\Admin\AppData\Local\Temp\nss9906.tmp\StartMenu.dll

                                        Filesize

                                        7KB

                                        MD5

                                        d070f3275df715bf3708beff2c6c307d

                                        SHA1

                                        93d3725801e07303e9727c4369e19fd139e69023

                                        SHA256

                                        42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

                                        SHA512

                                        fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

                                      • C:\Users\Admin\AppData\Local\Temp\nss9906.tmp\System.dll

                                        Filesize

                                        12KB

                                        MD5

                                        cff85c549d536f651d4fb8387f1976f2

                                        SHA1

                                        d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

                                        SHA256

                                        8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

                                        SHA512

                                        531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

                                      • C:\Users\Admin\AppData\Local\Temp\nss9906.tmp\modern-wizard.bmp

                                        Filesize

                                        25KB

                                        MD5

                                        cbe40fd2b1ec96daedc65da172d90022

                                        SHA1

                                        366c216220aa4329dff6c485fd0e9b0f4f0a7944

                                        SHA256

                                        3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

                                        SHA512

                                        62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

                                      • C:\Users\Admin\AppData\Local\Temp\nss9906.tmp\nsDialogs.dll

                                        Filesize

                                        9KB

                                        MD5

                                        6c3f8c94d0727894d706940a8a980543

                                        SHA1

                                        0d1bcad901be377f38d579aafc0c41c0ef8dcefd

                                        SHA256

                                        56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

                                        SHA512

                                        2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

                                      • C:\Users\Admin\AppData\Local\Temp\nss9906.tmp\nsis_tauri_utils.dll

                                        Filesize

                                        29KB

                                        MD5

                                        c5bd51b72a0de24a183585da36a160c7

                                        SHA1

                                        f99a50209a345185a84d34d0e5f66d04c75ff52f

                                        SHA256

                                        5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266

                                        SHA512

                                        1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad\settings.dat

                                        Filesize

                                        280B

                                        MD5

                                        f911c141c62c485ef538d41ba252df49

                                        SHA1

                                        306588979a505c75c9a1b7e22bd78de43e09d167

                                        SHA256

                                        edc8c2cf8f55bbb430f3c6d177469f6237e832ec8b9043e69f5d1471210eb099

                                        SHA512

                                        280797e6d5dadfe32cf704afd35e372756c6144d2318ec32f772890442d89d4f12a0953fdd609b8aaf0dc1d04aaaa864ede180c8e59a9ca83e53f274ea4c3322

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad\settings.dat

                                        Filesize

                                        280B

                                        MD5

                                        330708be873f9faba0bc5f5d4d793b2d

                                        SHA1

                                        e4a1e291035020370695f190764e0dcfcd28647a

                                        SHA256

                                        f1e0633f66c562b705dee4c262d71b6741d6331f1c7fda1a0d2471c8b28058bc

                                        SHA512

                                        1cb42a89ef599c8b4025059b5c7907a95ede019a668c45e80d9fb3b956ac5a8b65c0b57f6ce3dfe1a0b9b2d0b67862c449bd3c1ebe2529e6778cc81aaf767d04

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        48B

                                        MD5

                                        9cfd9e1abe2524722f0d9992a3054a25

                                        SHA1

                                        cfbb4278c29bf1621c9f08108288a9081f2e24e2

                                        SHA256

                                        909a4b96376d67841a72a49027d4cebabaecaae580e88f659b2b528504890e9f

                                        SHA512

                                        51d6ec2f48a965ebe4c2fcaae2ca462881a78746da6bc77dc95d9561ad8951119a8a27ead2ad1a0aee0e5cef90790b6b6742a0f0acfb46611aeba1a61799e05e

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        72B

                                        MD5

                                        d1ea3ef04f4ecbb1ca9bcba0b4b813b3

                                        SHA1

                                        f74a01b3abacd3031d84ea4261a43f4697a3e546

                                        SHA256

                                        961f9dbec86c8c30fc9a1aefac965d4476e1f8d77349dd8fdf10605beb363d1c

                                        SHA512

                                        d78602672ff0cf28fc875e64d8b1f0550cb3b9674aaf0e661ba666de12ae40537e025e789cf723ef2aed33884654ca3f5f6c03632b06d74aa8e41d04ea197a94

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        96B

                                        MD5

                                        4c04f00c012a0ff3ed3cefdcdff255c2

                                        SHA1

                                        f2ade30a31a79cf80060a5942060060f5e6329b5

                                        SHA256

                                        1272a6d884a4e2254cd3d716f631b4050b936ad3d12ae2a3affe2d0073515e68

                                        SHA512

                                        ee6f3857cebb82dc328c165602240d7d92fafe5223803c10d00c7065eabf34c0dff9368a9567ff6cb894ac3441353bbc9cc5cfc9ab0374c5f5405a4bdaa55603

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Extension Rules\CURRENT

                                        Filesize

                                        16B

                                        MD5

                                        46295cac801e5d4857d09837238a6394

                                        SHA1

                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                        SHA256

                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                        SHA512

                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Network\Network Persistent State

                                        Filesize

                                        812B

                                        MD5

                                        a029a759da491178b98360e2ac9d45ad

                                        SHA1

                                        2d256f0e1f77b2669f5bf5ab8f15d1e55cbc6324

                                        SHA256

                                        ba27805e827a719757cfa04696d1e5b610858f40149d73018c4dad16bfd2d511

                                        SHA512

                                        1db62b0c850ec02f9ab37147d86801dd8139845b0b4eac284abda352124c5de229b5ac08163c88b316e2d1ec9a7a788b4201743dade16ff52c47b07cc6990afe

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Network\SCT Auditing Pending Reports

                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        71057bee0b0e7fcddd799240fa2231eb

                                        SHA1

                                        a687d7d8867122d281e783f3a579ed133812be61

                                        SHA256

                                        7bb0812991574461b558d55773405ba7cb3008801b5d7b66510089fbf321e5c7

                                        SHA512

                                        c59b55ec32255f827c91990f0fada11b60cebb3f322a940e293b5f1d37dbbf010170972c914cb2e4d60b3df0ba52487a1de700d934080b58295e3a63b635500e

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

                                        Filesize

                                        41B

                                        MD5

                                        5af87dfd673ba2115e2fcf5cfdb727ab

                                        SHA1

                                        d5b5bbf396dc291274584ef71f444f420b6056f1

                                        SHA256

                                        f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                        SHA512

                                        de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\GrShaderCache\data_0

                                        Filesize

                                        44KB

                                        MD5

                                        9748da19b8ffe3e836c61c707573ab10

                                        SHA1

                                        fd362c088fc2d02a0845026e6034afbc3e0f84f2

                                        SHA256

                                        4e0fb710ac9b6e5f62ba2e55ad5eb8d9c3d568351718040794b457d51609bea2

                                        SHA512

                                        f4d0315b77195d37a6a84fc74c67aeb4cfd42132db81b27ea8d1b2223175d15469cda77d36ce28e2ae5f13da4bc3fa7238fb9b4fcb057268fd0396b702305f2a

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\GrShaderCache\data_1

                                        Filesize

                                        264KB

                                        MD5

                                        62a965fc520343d6af95ab81a7f16d94

                                        SHA1

                                        5ddbd8b9a62340980e45b450b23704095a017621

                                        SHA256

                                        a526bd57433ca7d5ffd82793abba85467ffa9b40e1d5e465f867755051972836

                                        SHA512

                                        90e82bdc8d8cdcfafc26c96aba369c73ef6ac865a7c3ee6454a7697f5fd28215e7168873dba5178af8490ae0f05cb78c0290133f039fe345d5cb7b0016b9472b

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\GrShaderCache\data_2

                                        Filesize

                                        8KB

                                        MD5

                                        0962291d6d367570bee5454721c17e11

                                        SHA1

                                        59d10a893ef321a706a9255176761366115bedcb

                                        SHA256

                                        ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                        SHA512

                                        f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\GrShaderCache\data_3

                                        Filesize

                                        4.0MB

                                        MD5

                                        74a4abb0041e920de108471ec5d1509b

                                        SHA1

                                        3ef2cc2a06c73b3acf86bf2c6cdcad2b2705b9ef

                                        SHA256

                                        e96027c393bd32118816aae9c1b7bad0351358704622f73a3f94ab3563fcd246

                                        SHA512

                                        3160ad3d24bd8f2bc5ea5d0a5516dabed9003ca27cac24800bd0aed4748d40d0fb07e41a755e1f7463fc9299dbefad01c4a8b5c6b893b54e272a9c2ec375d6c1

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

                                        Filesize

                                        4KB

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

                                        Filesize

                                        4KB

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

                                        Filesize

                                        2KB

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

                                        Filesize

                                        3KB

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

                                        Filesize

                                        4KB

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

                                        Filesize

                                        1KB

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

                                        Filesize

                                        4KB

                                      • C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State~RFe595181.TMP

                                        Filesize

                                        1KB

                                      • C:\Users\Admin\AppData\Local\ui\ui.exe

                                        Filesize

                                        15.5MB

                                      • memory/540-210-0x0000000000B40000-0x0000000000B75000-memory.dmp

                                        Filesize

                                        212KB

                                      • memory/540-211-0x0000000073890000-0x0000000073AB6000-memory.dmp

                                        Filesize

                                        2.1MB

                                      • memory/540-251-0x0000000073890000-0x0000000073AB6000-memory.dmp

                                        Filesize

                                        2.1MB

                                      • memory/540-388-0x00007FFD40030000-0x00007FFD40031000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/540-268-0x0000000000B40000-0x0000000000B75000-memory.dmp

                                        Filesize

                                        212KB

                                      • memory/1756-396-0x00007FFD3E740000-0x00007FFD3E741000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/1756-395-0x00007FFD40030000-0x00007FFD40031000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/1928-325-0x00007FFD40030000-0x00007FFD40031000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1394-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1401-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1400-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1399-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1398-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1402-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1403-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1404-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1393-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3988-1392-0x000002C194EF0000-0x000002C194EF1000-memory.dmp

                                        Filesize

                                        4KB