Analysis

  • max time kernel
    1799s
  • max time network
    1178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-06-2024 09:42

General

  • Target

    http://getwave.gg

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup (2 TTPs, 7 IoCs)

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection (1 TTP, 4 IoCs)
  • Checks computer location settings (2 TTPs, 5 IoCs)

    Looks up the country code configured in the registry, likely for geofencing.

  • Event Triggered Execution: Component Object Model Hijacking (1 TTP)

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE (49 IoCs)
  • Loads dropped DLL (64 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Checks for any installed AV software in registry (1 TTP, 4 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object (2 TTPs, 8 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Checks system information in the registry (2 TTPs, 30 IoCs)

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory (1 IoC)
  • Drops file in Program Files directory (64 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry (2 TTPs, 10 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTP, 24 IoCs)
  • Modifies data under HKEY_USERS (64 IoCs)
  • Modifies registry class (64 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (36 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (11 IoCs)
  • Suspicious use of SendNotifyMessage (9 IoCs)
  • Suspicious use of SetWindowsHookEx (15 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • System policy modification (1 TTP, 4 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://getwave.gg"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:372
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://getwave.gg
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4700
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.0.1442444933\1344846436" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7c83f94-0613-4c36-9091-8c84dd77495c} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 1832 162d152dd58 gpu
        3⤵
          PID:692
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.1.1081426972\285388431" -parentBuildID 20230214051806 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {955b8936-592f-403d-ba12-13ac77eb2b5f} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 2432 162bd28a558 socket
          3⤵
          • Checks processor information in registry
          PID:4248
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.2.1777758733\672244482" -childID 1 -isForBrowser -prefsHandle 2876 -prefMapHandle 2956 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1116 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c5fd5dd-b623-45f8-9471-2f17fbee1431} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 2944 162d4550258 tab
          3⤵
            PID:880
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.3.215007079\1761928895" -childID 2 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1116 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41c15acd-0b7c-4dab-8288-805209f932f5} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 3888 162d6393858 tab
            3⤵
              PID:5020
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.4.1090697297\1362234069" -childID 3 -isForBrowser -prefsHandle 4940 -prefMapHandle 4956 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1116 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff8177b9-8968-42a2-81ce-5b416a284fd4} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 4964 162d774ca58 tab
              3⤵
                PID:3348
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.5.815357191\1512650061" -childID 4 -isForBrowser -prefsHandle 5260 -prefMapHandle 5256 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1116 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {416d786d-b593-4ae0-bc91-68c6e0e44fef} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5268 162d8094758 tab
                3⤵
                  PID:1100
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.6.1117632552\1182601934" -childID 5 -isForBrowser -prefsHandle 4988 -prefMapHandle 3100 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1116 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff8e17bf-a089-408d-882b-a6ee925f1a27} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5364 162d8095058 tab
                  3⤵
                    PID:3768
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.7.836769031\552916468" -childID 6 -isForBrowser -prefsHandle 5552 -prefMapHandle 5548 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1116 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fabcd944-d4df-493c-a290-49ada02fa68c} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5384 162d8095358 tab
                    3⤵
                      PID:3628
                • C:\Windows\System32\rundll32.exe
                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                  1⤵
                    PID:5048
                  • C:\Users\Admin\Downloads\WaveInstaller.exe
                    "C:\Users\Admin\Downloads\WaveInstaller.exe"
                    1⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • Suspicious use of AdjustPrivilegeToken
                    PID:648
                    • C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
                      "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
                      2⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3056
                      • C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
                        "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
                        3⤵
                        • Checks computer location settings
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Checks for any installed AV software in registry
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of FindShellTrayWindow
                        PID:3264
                        • C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe
                          "C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\CefSharp\locales" --resources-dir-path="C:\Users\Admin\AppData\Local\CefSharp" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CefSharp" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2052,i,15609741207777882255,1472398973480451673,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=2068 --mojo-platform-channel-handle=2032 /prefetch:2 --host-process-id=3264
                          4⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4368
                        • C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe
                          "C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\CefSharp\locales" --resources-dir-path="C:\Users\Admin\AppData\Local\CefSharp" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CefSharp" --cefsharpexitsub --field-trial-handle=2608,i,15609741207777882255,1472398973480451673,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=2612 --mojo-platform-channel-handle=2604 /prefetch:3 --host-process-id=3264
                          4⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1232
                        • C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
                          "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=3264
                          4⤵
                          • Executes dropped EXE
                          • Suspicious use of SetWindowsHookEx
                          PID:6044
                        • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
                          "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
                          4⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • Modifies registry class
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          • Suspicious use of SetWindowsHookEx
                          PID:4112
                          • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                            "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install
                            5⤵
                            • Executes dropped EXE
                            • Drops file in Program Files directory
                            • Suspicious use of SetWindowsHookEx
                            PID:6824
                            • C:\Program Files (x86)\Microsoft\Temp\EUCDF5.tmp\MicrosoftEdgeUpdate.exe
                              "C:\Program Files (x86)\Microsoft\Temp\EUCDF5.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                              6⤵
                              • Event Triggered Execution: Image File Execution Options Injection
                              • Checks computer location settings
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Checks system information in the registry
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of SetWindowsHookEx
                              PID:4428
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                7⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Modifies registry class
                                • Suspicious use of SetWindowsHookEx
                                PID:7604
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                7⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Modifies registry class
                                • Suspicious use of SetWindowsHookEx
                                PID:7240
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                  8⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Modifies registry class
                                  PID:2016
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                  8⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Modifies registry class
                                  PID:7296
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                  8⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Modifies registry class
                                  PID:7892
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDYxMEZENTItNUZFRC00NkM3LTgyNTctRDY5NkIzNzRCQUU4fSIgdXNlcmlkPSJ7NzMzRDc4NzQtMUJDMy00MTFDLUI4RjEtNzNCRjQzQzU0ODI1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNkFBRTVFOS1GMzNGLTQ1NjEtOUFEOC1FNUJFMzA5RUY1QjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyMjMxNDcyMDciIGluc3RhbGxfdGltZV9tcz0iNDI0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                7⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Checks system information in the registry
                                • Suspicious use of SetWindowsHookEx
                                PID:7804
                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{4610FD52-5FED-46C7-8257-D696B374BAE8}" /silent
                                7⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Suspicious use of SetWindowsHookEx
                                PID:7896
                        • C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe
                          "C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\CefSharp\locales" --resources-dir-path="C:\Users\Admin\AppData\Local\CefSharp" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CefSharp" --cefsharpexitsub --field-trial-handle=4444,i,15609741207777882255,1472398973480451673,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=4408 --mojo-platform-channel-handle=4440 /prefetch:8 --host-process-id=3264
                          4⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious behavior: EnumeratesProcesses
                          PID:8140
                        • C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe
                          "C:\Users\Admin\AppData\Local\CefSharp\CefSharp.BrowserSubprocess.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\CefSharp\locales" --resources-dir-path="C:\Users\Admin\AppData\Local\CefSharp" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CefSharp" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4408,i,15609741207777882255,1472398973480451673,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --enable-logging=handle --log-file=4520 --mojo-platform-channel-handle=4440 /prefetch:8 --host-process-id=3264
                          4⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5712
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1d120508h2062h439fh8583hb11c0ffdeb49
                    1⤵
                      PID:5740
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9135946f8,0x7ff913594708,0x7ff913594718
                        2⤵
                          PID:5756
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,15580567975853334028,9270909711885580135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
                          2⤵
                            PID:5992
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,15580567975853334028,9270909711885580135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:6000
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,15580567975853334028,9270909711885580135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
                            2⤵
                              PID:6088
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:5644
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:5892
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
                                1⤵
                                  PID:5840
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                  1⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Checks system information in the registry
                                  • Modifies data under HKEY_USERS
                                  PID:7776
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDYxMEZENTItNUZFRC00NkM3LTgyNTctRDY5NkIzNzRCQUU4fSIgdXNlcmlkPSJ7NzMzRDc4NzQtMUJDMy00MTFDLUI4RjEtNzNCRjQzQzU0ODI1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFOUU5MEYzRi0zNDhBLTQ5RjMtQTU2NS1FNzJBMEU0MzExMzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyMjYzNTU5NzgiLz48L2FwcD48L3JlcXVlc3Q-
                                    2⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    PID:7756
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7CB52041-3C1D-44D3-B609-33480DC513CC}\MicrosoftEdge_X64_126.0.2592.81.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7CB52041-3C1D-44D3-B609-33480DC513CC}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                    2⤵
                                    • Executes dropped EXE
                                    PID:7616
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7CB52041-3C1D-44D3-B609-33480DC513CC}\EDGEMITMP_73312.tmp\setup.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7CB52041-3C1D-44D3-B609-33480DC513CC}\EDGEMITMP_73312.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7CB52041-3C1D-44D3-B609-33480DC513CC}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                      3⤵
                                      • Executes dropped EXE
                                      • Drops file in Program Files directory
                                      PID:7416
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7CB52041-3C1D-44D3-B609-33480DC513CC}\EDGEMITMP_73312.tmp\setup.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7CB52041-3C1D-44D3-B609-33480DC513CC}\EDGEMITMP_73312.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7CB52041-3C1D-44D3-B609-33480DC513CC}\EDGEMITMP_73312.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff74aabaa40,0x7ff74aabaa4c,0x7ff74aabaa58
                                        4⤵
                                        • Executes dropped EXE
                                        PID:7376
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDYxMEZENTItNUZFRC00NkM3LTgyNTctRDY5NkIzNzRCQUU4fSIgdXNlcmlkPSJ7NzMzRDc4NzQtMUJDMy00MTFDLUI4RjEtNzNCRjQzQzU0ODI1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxMDMxQkQxQy1BMjRFLTQ0NTYtOTBDQi01MTZFNTgyODI2QkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI2LjAuMjU5Mi44MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjIzMTcxNzAyMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyMzE3NDcwNTkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NDE2MTU3NTE5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xMTEwYmY2My1jNmNlLTQ3MTQtOTY5Yi1iMzAyOGI0NDFj
NDc_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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2OTA0Mzc3MTI2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTk1IiBkb3dubG9hZF90aW1lX21zPSIxODQ1MCIgZG93bmxvYWRlZD0iMTczMDgyMTY4IiB0b3RhbD0iMTczMDgyMTY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0NzIyMyIvPjwvYXBwPjwvcmVxdWVzdD4
                                    2⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    PID:2444
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                  1⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Checks system information in the registry
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4056
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                  1⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Checks system information in the registry
                                  • Modifies data under HKEY_USERS
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:6700
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8241CF20-C335-4C48-AF74-BBC7E8826E84}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8241CF20-C335-4C48-AF74-BBC7E8826E84}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{89C64658-DBD2-4A20-BE1C-086970EC541F}"
                                    2⤵
                                    • Executes dropped EXE
                                    • Drops file in Program Files directory
                                    PID:6436
                                    • C:\Program Files (x86)\Microsoft\Temp\EU4FDE.tmp\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\Temp\EU4FDE.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{89C64658-DBD2-4A20-BE1C-086970EC541F}"
                                      3⤵
                                      • Event Triggered Execution: Image File Execution Options Injection
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Checks system information in the registry
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:6600
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                        4⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:6596
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                        4⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:6532
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                          5⤵
                                          • Executes dropped EXE
                                          • Modifies registry class
                                          PID:6508
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                          5⤵
                                          • Executes dropped EXE
                                          • Modifies registry class
                                          PID:2256
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                          5⤵
                                          • Executes dropped EXE
                                          • Modifies registry class
                                          PID:3820
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg3LjQxIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNTIiIGluc3RhbGxkYXRldGltZT0iMTcxNTE4OTM4OSI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTgzNjY1NzE1NyIvPjwvYXBwPjwvcmVxdWVzdD4
                                        4⤵
                                        • Executes dropped EXE
                                        • Checks system information in the registry
                                        PID:212
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODlDNjQ2NTgtREJEMi00QTIwLUJFMUMtMDg2OTcwRUM1NDFGfSIgdXNlcmlkPSJ7NzMzRDc4NzQtMUJDMy00MTFDLUI4RjEtNzNCRjQzQzU0ODI1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsxOUJBMzJGOS03QkJELTRDRkQtQkMxMC0xOTNDRjZEMEM4OUF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODcuNDEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iSXNPbkludGVydmFsQ29tbWFuZHNBbGxvd2VkPS10YXJnZXRfZGV2IiBpbnN0YWxsYWdlPSI1MiI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTUwMTI0NzE2NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NTAxMjk3MTg5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-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-PHBpbmcgcj0iNTMiIHJkPSI2MzM3IiBwaW5nX2ZyZXNobmVzcz0iezFCRkI3MjdCLUYzOTMtNEUxNC05OTY2LTk0QjMyODQ0NjI4OH0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJh
bmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iNTIiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzU5NjQyMjAwMjg1OTE0MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9IjUzIiByPSI1MyIgYWQ9IjYzMzciIHJkPSI2MzM3IiBwaW5nX2ZyZXNobmVzcz0ie0JEMDFCOEUzLTM3RTItNDYzQS04OUMzLTI4MEM5MTE0NjM3NX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI2LjAuMjU5Mi44MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2Mzg0Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7ODg4MkU3QUUtNjIxNS00RDMzLUE4QTItODdGMzlERUFDNUNEfSIvPjwvYXBwPjwvcmVxdWVzdD4
                                    2⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    PID:6452
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                  1⤵
                                  • Executes dropped EXE
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:7908
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                  1⤵
                                  • Executes dropped EXE
                                  • Checks system information in the registry
                                  • Modifies data under HKEY_USERS
                                  PID:7924
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1MiIgaW5zdGFsbGRhdGV0aW1lPSIxNzE1MTY1MjIxIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNTk2Mzc4MTA1ODc5MTE5Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDMyNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI4MzA3NTcyMjEiLz48L2FwcD48L3JlcXVlc3Q-
                                    2⤵
                                    • Executes dropped EXE
                                    • Checks system information in the registry
                                    PID:3640
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3206F783-6C7E-4FC4-8897-EC10228C53BF}\BGAUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3206F783-6C7E-4FC4-8897-EC10228C53BF}\BGAUpdate.exe" --edgeupdate-client --system-level
                                    2⤵
                                    • Executes dropped EXE
                                    • Adds Run key to start application
                                    PID:2136
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTA0NDgzQ0EtNzY3RC00NEMwLUE5NzgtOUZGMDJCQ0ZGNDAxfSIgdXNlcmlkPSJ7NzMzRDc4NzQtMUJDMy00MTFDLUI4RjEtNzNCRjQzQzU0ODI1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntDNzEzMDM2QS1EOUQ1LTQ4NEEtQURCRi04NzFEQTdFMTJGQzd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzQiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjg0NDM5NzA0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyODQ0NTY3MTQ2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-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-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMzNjU2MjcwNDYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBl
eHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzM2NzI5NzIxNCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijk1MCIgZG93bmxvYWRfdGltZV9tcz0iNTE0NjEiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjE2MiIvPjwvYXBwPjwvcmVxdWVzdD4
                                    2⤵
                                    • Executes dropped EXE
                                    • Checks system information in the registry
                                    PID:3256
                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                  1⤵
                                  • Executes dropped EXE
                                  • Checks system information in the registry
                                  • Modifies data under HKEY_USERS
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5972
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\MicrosoftEdge_X64_126.0.2592.81.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                    2⤵
                                    • Executes dropped EXE
                                    PID:6808
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                      3⤵
                                      • Boot or Logon Autostart Execution: Active Setup
                                      • Executes dropped EXE
                                      • Installs/modifies Browser Helper Object
                                      • Drops file in Program Files directory
                                      • Modifies Internet Explorer settings
                                      • Modifies registry class
                                      • System policy modification
                                      PID:7764
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7b68baa40,0x7ff7b68baa4c,0x7ff7b68baa58
                                        4⤵
                                        • Executes dropped EXE
                                        PID:1728
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                        4⤵
                                        • Executes dropped EXE
                                        • Drops file in System32 directory
                                        • Drops file in Program Files directory
                                        • Modifies data under HKEY_USERS
                                        PID:1740
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7b68baa40,0x7ff7b68baa4c,0x7ff7b68baa58
                                          5⤵
                                          • Executes dropped EXE
                                          • Drops file in Program Files directory
                                          PID:6464
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                        4⤵
                                        • Executes dropped EXE
                                        • Drops file in Program Files directory
                                        PID:7772
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.81\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6afeaaa40,0x7ff6afeaaa4c,0x7ff6afeaaa58
                                          5⤵
                                          • Executes dropped EXE
                                          • Drops file in Program Files directory
                                          PID:7620
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDY3QzAzQkYtQzQ1Qy00QkMzLUFGOUMtRkE1NDZBOEFCMjQ2fSIgdXNlcmlkPSJ7NzMzRDc4NzQtMUJDMy00MTFDLUI4RjEtNzNCRjQzQzU0ODI1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2NzMxODhFOC00MERBLTQ5QTctODUwMS02NzQzMDhBMDVEMjZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-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-PHBpbmcgcmQ9IjYzOTAiIHBpbmdfZnJlc2huZXNzPSJ7NkIyQkNEMDQtOTUwMC00MTg5LUIxOEYtQjA1QTVENDY4RjBCfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IjEyNi4wLjI1OTIuODEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iNTIiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTY0MjIwMDI4NTkxNDAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNTQ4NTI3MjEyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNTQ4NTY3MjI2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNTc4Nzg3MTQ1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcm
NvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNTkzOTk3MjYwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-
                                    2⤵
                                    • Executes dropped EXE
                                    • Checks system information in the registry
                                    PID:6384

                                Network

                                MITRE ATT&CK Matrix ATT&CK v13

                                Persistence
                                • Boot or Logon Autostart Execution (T1547): 2
                                  • Registry Run Keys / Startup Folder (T1547.001): 1
                                  • Active Setup (T1547.014): 1
                                • Event Triggered Execution (T1546): 2
                                  • Image File Execution Options Injection (T1546.012): 1
                                  • Component Object Model Hijacking (T1546.015): 1
                                • Browser Extensions (T1176): 1

                                Privilege Escalation
                                • Boot or Logon Autostart Execution (T1547): 2
                                  • Registry Run Keys / Startup Folder (T1547.001): 1
                                  • Active Setup (T1547.014): 1
                                • Event Triggered Execution (T1546): 2
                                  • Image File Execution Options Injection (T1546.012): 1
                                  • Component Object Model Hijacking (T1546.015): 1

                                Defense Evasion
                                • Modify Registry (T1112): 5

                                Discovery
                                • Query Registry (T1012): 5
                                • System Information Discovery (T1082): 4
                                • Software Discovery (T1518): 1
                                  • Security Software Discovery (T1518.001): 1

                                Command and Control
                                • Web Service (T1102): 1


                                Downloads

                                • C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Installer\setup.exe
                                  Filesize

                                  6.5MB

                                  MD5

                                  7c44a5cba89f38d967b1f4e11225da0f

                                  SHA1

                                  44837f2ff9b3ebc7c371ee5f9e0cd5dcaad508dd

                                  SHA256

                                  a10c3e0b2ec1286bfe6b3fe9005a9132fad01be9afc4bdd5adb29f174b8fb706

                                  SHA512

                                  25b4cae7fc6d200dab70e94461b7f2e7899813975cab498fb367a32aa2e187fb7b1330545b60f6340d53fe5e04a1ecfb5d6b8bf004ac26ecaa7a8f6e387dfe99

                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
                                  Filesize

                                  17.2MB

                                  MD5

                                  3f208f4e0dacb8661d7659d2a030f36e

                                  SHA1

                                  07fe69fd12637b63f6ae44e60fdf80e5e3e933ff

                                  SHA256

                                  d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b

                                  SHA512

                                  6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
                                  Filesize

                                  1.6MB

                                  MD5

                                  a9ad77a4111f44c157a1a37bb29fd2b9

                                  SHA1

                                  f1348bcbc950532ac2b48b18acd91533f3ac0be2

                                  SHA256

                                  200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889

                                  SHA512

                                  68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898

                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3C9E7F2-FCF3-4766-9477-4D49C460E5EA}\EDGEMITMP_706D0.tmp\SETUP.EX_
                                  Filesize

                                  2.6MB

                                  MD5


                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  8KB

                                  MD5

                                  8e3094074a7c89e7ac0112274d9d74be

                                  SHA1

                                  fa002553342e734c893bf5ee4a066559a0f39a87

                                  SHA256

                                  a65cc5a14cbfcc156e66f6cad0574f721544bbbb78453dc6b688213de6d079e1

                                  SHA512

                                  2a1ed21e8f473417703a06bce1154a57d086c14b7cdf2c86dfa0c6b6c6c41c8269dd41608387ee7200db01824374c560f42fd40dca5e4299bbbe7af257227d8a

                                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp
                                  Filesize

                                  34KB

                                  MD5

                                  a27b14a4897393ac6955a4b84282c714

                                  SHA1

                                  e6c8afc3720df32c7b94da062036e4606eac05a5

                                  SHA256

                                  40b29af9a6a6a308e4b61b104b609a2e7ccf4785debeacfb76c68f672ae484d9

                                  SHA512

                                  ba4478e4a22236411883f8392b910d02a7ed378f1e40a46b2d4342ebbc832a88042cf0ba67883f25112b9ad50e8d0f4c53216d189932a39b059829c5f65ef47e

                                • C:\Users\Admin\AppData\Local\Wave\CefSharp.Core.Runtime.dll
                                  Filesize

                                  1.3MB

                                  MD5

                                  09cba584aa0aae9fc600745567393ef6

                                  SHA1

                                  bbd1f93cb0db9cf9e01071b3bed1b4afd6e31279

                                  SHA256

                                  0babd84d4e7dc2713e7265d5ac25a3c28d412e705870cded6f5c7c550a5bf8d5

                                  SHA512

                                  5f914fa33a63a6d4b46f39c7279687f313728fd5f8437ec592369a2da3256ccff6f325f78ace0e6d3a2c37da1f681058556f7603da13c45b03f2808f779d2aa1

                                • C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
                                  Filesize

                                  939KB

                                  MD5

                                  258a9cae6024c91784bbd8aa5379e86f

                                  SHA1

                                  fe1a808ba23053413359a78d5ec096b2cd540dd5

                                  SHA256

                                  3881840473ec5286189d2fc8e85f0f26a2532890055d1653da9580aa31b2d0e5

                                  SHA512

                                  b621ef432b430d2df0443fa0ebdd59dc7de6b32375c2fc83e8474838843c4abcf4a35f2b5f80e78911fc52336d71812ca9fbc9919314ea3b59bd26036a4ea5a5

                                • C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
                                  Filesize

                                  7.5MB

                                  MD5

                                  7e09dde2226c18dde3c76471c01b3665

                                  SHA1

                                  94bb80704e14314331e007b942a64f423104644f

                                  SHA256

                                  4f9a703b0491de02519a343659f0a351f6ad09942cd82920995d5fa89e6571ae

                                  SHA512

                                  c61c911eb37c758f64ae9372eb4208210b6a964bb8604d3fcd3285805448b1801a91c519ed0294815f8167500654b423d19161a82c82f7935ec637c4038c93dc

                                • C:\Users\Admin\AppData\Local\Wave\d3dcompiler_47.dll
                                  Filesize

                                  3.9MB

                                  MD5

                                  3b4647bcb9feb591c2c05d1a606ed988

                                  SHA1

                                  b42c59f96fb069fd49009dfd94550a7764e6c97c

                                  SHA256

                                  35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

                                  SHA512

                                  00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
                                  Filesize

                                  7KB

                                  MD5

                                  4de78c1fd3bcdb5b12640a645180b794

                                  SHA1

                                  7414e0bcf8b27f105d6a32ae45ba09d612cb2dd4

                                  SHA256

                                  c6f34905c82f8e5df221de962ac7ecfc3ca250c3b84eb1091f538b0b1674a5ad

                                  SHA512

                                  d198942e8bb4d3b316b772b27de596f74c0c490f7d16f034721339fce6e3f6c754a1bbf115dba97ca9c6681ccf83b90edaf755f276edda072b8dde93d7cac975

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
                                  Filesize

                                  7KB

                                  MD5

                                  83c2e1187a7967bec6c847a0b7de5369

                                  SHA1

                                  d61fc044814120710d6deaf4a7b4b0b2e8623583

                                  SHA256

                                  9e0fbab6c4e48c6e5753776bae1c4fb28c8b4a4f898fd45f87c9a4070cc266d9

                                  SHA512

                                  eef2e3480a251096d3c61ae1e3053cc26d325ed2943d860275c10b4292265e6856d0de276f2f4a84b868f338b77ad6f3090a2d56a7fdf23d90a6b72d83b2b84d

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  112KB

                                  MD5

                                  c1e8d0b5947455c61c964c14c33fa069

                                  SHA1

                                  71efce3ced5082f42d7174c707206d31308dbb85

                                  SHA256

                                  35078efea293d23e7370128b5b9d5ce7a4669efbddac9232394e47627e29cbe2

                                  SHA512

                                  06f47c114072c5ac59f1c2f155fd7a0e5778c9496bd15a0e2e7b51954ebceb6ff183f83bb8c2fa7416a1e46ae2c344e287467b53df8326428f41f2c5d8e13ce4

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
                                  Filesize

                                  112KB

                                  MD5

                                  f8bbf6f153399831f556e97ffd4b1ca8

                                  SHA1

                                  93e42ce6e73b6d8252226b13e4313ed1746268c3

                                  SHA256

                                  d5d63e7ce85a35a8e2c802337129a92399053750bd54fda9850a0fb070149302

                                  SHA512

                                  e4f2b766aa6a66d9ad312bc293cfe5ce40ec55d222b221df0469933e3998ac6bb990aafd2ea314f280d6dfa9111a52135cb5bf87b204716fcde722d8f608827b

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore.jsonlz4
                                  Filesize

                                  111KB

                                  MD5

                                  b5edfa4edc86ba10236db7006bdef94c

                                  SHA1

                                  939b2964a4ab6c109f5e46028adaedb508066b8b

                                  SHA256

                                  04e56364245b45615a3189ac676dc6bea4ceb3d960eefa7c4b98126e2863e302

                                  SHA512

                                  7039040085480444b28eaf2a16206ff728744532ceb470325df72e399bcad658f3143cf7189b93329e93d8b2290bbe9cb8659325416043e33179a092f5f0e157

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                  Filesize

                                  192KB

                                  MD5

                                  47291f5bffb17c1658b2811eee4df7be

                                  SHA1

                                  e030537635d7c86eb9fe73d9c7fc05f5c4165545

                                  SHA256

                                  1385c163850263d9c6806b1defd58aa25e00b04a0faf83446c25ec92ac761f31

                                  SHA512

                                  7582a960472b794ae598be82cf65857cb51b389ac657c20e394d041db7a46a1eae761a2530090f67ec0e4d90edf84a7139593bc846731130b14b44a13b8d4c2b

                                • C:\Users\Admin\Downloads\WaveInstaller.DeZvm_RI.exe.part
                                  Filesize

                                  196KB

                                  MD5

                                  c496b19062efde2e19d08ec8e42145b3

                                  SHA1

                                  67a0df12e8a879003be53043ea2068e99509b9d9

                                  SHA256

                                  011bd3ec4086adf53f7845b85624587c15854033a9e983cd7c7b3c3043c521d2

                                  SHA512

                                  60243219483045db803f6d460c5e2f013b32b88b2aadbde6991301507452a9e4376ba6367ef735d059f77b5fb0c8916546a01f95d8199717914465755d0544d5

                                • C:\Users\Admin\Downloads\WaveInstaller.exe
                                  Filesize

                                  1.5MB

                                  MD5

                                  c822ab5332b11c9185765b157d0b6e17

                                  SHA1

                                  7fe909d73a24ddd87171896079cceb8b03663ad4

                                  SHA256

                                  344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

                                  SHA512

                                  a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d

                                • \??\pipe\LOCAL\crashpad_5740_EOASKKHEPOMMEFYL
                                  MD5

                                  d41d8cd98f00b204e9800998ecf8427e

                                  SHA1

                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                  SHA256

                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                  SHA512

                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                • memory/648-193-0x000000007444E000-0x000000007444F000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/648-291-0x00000000093D0000-0x0000000009466000-memory.dmp
                                  Filesize

                                  600KB

                                • memory/648-517-0x0000000074440000-0x0000000074BF0000-memory.dmp
                                  Filesize

                                  7.7MB

                                • memory/648-124-0x00000000096D0000-0x0000000009708000-memory.dmp
                                  Filesize

                                  224KB

                                • memory/648-125-0x00000000096A0000-0x00000000096AE000-memory.dmp
                                  Filesize

                                  56KB

                                • memory/648-120-0x000000007444E000-0x000000007444F000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/648-297-0x0000000009640000-0x000000000964A000-memory.dmp
                                  Filesize

                                  40KB

                                • memory/648-296-0x0000000009630000-0x000000000963A000-memory.dmp
                                  Filesize

                                  40KB

                                • memory/648-295-0x000000000A7E0000-0x000000000A852000-memory.dmp
                                  Filesize

                                  456KB

                                • memory/648-293-0x0000000009610000-0x0000000009618000-memory.dmp
                                  Filesize

                                  32KB

                                • memory/648-292-0x00000000095E0000-0x0000000009606000-memory.dmp
                                  Filesize

                                  152KB

                                • memory/648-121-0x0000000000400000-0x0000000000592000-memory.dmp
                                  Filesize

                                  1.6MB

                                • memory/648-123-0x0000000074440000-0x0000000074BF0000-memory.dmp
                                  Filesize

                                  7.7MB

                                • memory/648-122-0x0000000074440000-0x0000000074BF0000-memory.dmp
                                  Filesize

                                  7.7MB

                                • memory/648-204-0x0000000074440000-0x0000000074BF0000-memory.dmp
                                  Filesize

                                  7.7MB

                                • memory/648-203-0x0000000074440000-0x0000000074BF0000-memory.dmp
                                  Filesize

                                  7.7MB

                                • memory/648-198-0x0000000074440000-0x0000000074BF0000-memory.dmp
                                  Filesize

                                  7.7MB

                                • memory/648-126-0x0000000074440000-0x0000000074BF0000-memory.dmp
                                  Filesize

                                  7.7MB

                                • memory/3056-519-0x000000000A210000-0x000000000A21A000-memory.dmp
                                  Filesize

                                  40KB

                                • memory/3056-520-0x000000000A250000-0x000000000A258000-memory.dmp
                                  Filesize

                                  32KB

                                • memory/3056-518-0x000000000A1D0000-0x000000000A1E6000-memory.dmp
                                  Filesize

                                  88KB

                                • memory/3056-521-0x000000000A2B0000-0x000000000A2CE000-memory.dmp
                                  Filesize

                                  120KB

                                • memory/3056-514-0x00000000003A0000-0x0000000000490000-memory.dmp
                                  Filesize

                                  960KB

                                • memory/3056-515-0x00000000094A0000-0x00000000095A0000-memory.dmp
                                  Filesize

                                  1024KB

                                • memory/3264-537-0x0000000000A00000-0x000000000118C000-memory.dmp
                                  Filesize

                                  7.5MB

                                • memory/3264-612-0x000000000FB90000-0x000000000FBB2000-memory.dmp
                                  Filesize

                                  136KB

                                • memory/3264-606-0x000000000E9E0000-0x000000000EA92000-memory.dmp
                                  Filesize

                                  712KB

                                • memory/3264-548-0x0000000006DE0000-0x0000000006F3B000-memory.dmp
                                  Filesize

                                  1.4MB

                                • memory/3264-538-0x0000000006510000-0x000000000655A000-memory.dmp
                                  Filesize

                                  296KB

                                • memory/3264-539-0x0000000006680000-0x00000000066A4000-memory.dmp
                                  Filesize

                                  144KB

                                • memory/3264-540-0x0000000006A60000-0x0000000006B46000-memory.dmp
                                  Filesize

                                  920KB

                                • memory/3264-613-0x0000000010820000-0x0000000010B74000-memory.dmp
                                  Filesize

                                  3.3MB

                                • memory/4368-574-0x00000000053E0000-0x000000000542A000-memory.dmp
                                  Filesize

                                  296KB

                                • memory/4368-567-0x00000000052A0000-0x000000000538A000-memory.dmp
                                  Filesize

                                  936KB

                                • memory/4368-563-0x0000000000A50000-0x0000000000A58000-memory.dmp
                                  Filesize

                                  32KB

                                • memory/4428-7778-0x0000000000BD0000-0x0000000000C05000-memory.dmp
                                  Filesize

                                  212KB

                                • memory/4428-7668-0x000000005DAB0000-0x000000005DCC0000-memory.dmp
                                  Filesize

                                  2.1MB

                                • memory/4428-7667-0x0000000000BD0000-0x0000000000C05000-memory.dmp
                                  Filesize

                                  212KB

                                • memory/4428-7730-0x000000005DAB0000-0x000000005DCC0000-memory.dmp
                                  Filesize

                                  2.1MB

                                • memory/5712-7762-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/5712-7765-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/5712-7763-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/5712-7761-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/5712-7766-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/5712-7756-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/5712-7757-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/5712-7755-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/5712-7767-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/5712-7764-0x0000000009960000-0x0000000009961000-memory.dmp
                                  Filesize

                                  4KB

                                • memory/6600-7923-0x0000000001000000-0x0000000001035000-memory.dmp
                                  Filesize

                                  212KB