f2c3dd28530a832dc3091a735311e258b02c304e5ed8d3e5ac9e09bbcd562716

Analysis

max time kernel
1060s
max time network
1063s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10/03/2024, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

brainsense.exe
Size

2.0MB
MD5

a38d2cd45857238391bdbe34b1a9729c
SHA1

f87a12b7bcdf981909408b91ee25521604ca451f
SHA256

f2c3dd28530a832dc3091a735311e258b02c304e5ed8d3e5ac9e09bbcd562716
SHA512

ac0c91c12a63a376d6d6f93e744269341c71cdba07ecf337cecc04d3e95e1c3bab16190bdcc576b7bde34b116604e80fc0805277b43ea8fab4314499494fe218
SSDEEP

49152:wIqRZxAFaCBUuGSWiGTO5Bqgwgk+V8uD:cZ/OUuGSzjq

Score

8^/10

discovery evasion persistence trojan

Malware Config

Signatures

Downloads MZ/PE file

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Executes dropped EXE 21 IoCs

pid	Process
2552	RobloxPlayerInstaller.exe
5200	MicrosoftEdgeWebview2Setup.exe
3480	MicrosoftEdgeUpdate.exe
3016	MicrosoftEdgeUpdate.exe
1340	MicrosoftEdgeUpdate.exe
3720	MicrosoftEdgeUpdateComRegisterShell64.exe
4912	MicrosoftEdgeUpdateComRegisterShell64.exe
4224	MicrosoftEdgeUpdateComRegisterShell64.exe
4320	MicrosoftEdgeUpdate.exe
5640	MicrosoftEdgeUpdate.exe
5660	MicrosoftEdgeUpdate.exe
1832	MicrosoftEdgeUpdate.exe
5104	MicrosoftEdge_X64_122.0.2365.80.exe
5412	setup.exe
2288	setup.exe
1740	MicrosoftEdgeUpdate.exe
5344	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
3720	MicrosoftEdgeUpdate.exe
5988	MicrosoftEdgeUpdate.exe

Loads dropped DLL 23 IoCs

pid	Process
3480	MicrosoftEdgeUpdate.exe
3016	MicrosoftEdgeUpdate.exe
1340	MicrosoftEdgeUpdate.exe
3720	MicrosoftEdgeUpdateComRegisterShell64.exe
1340	MicrosoftEdgeUpdate.exe
4912	MicrosoftEdgeUpdateComRegisterShell64.exe
1340	MicrosoftEdgeUpdate.exe
4224	MicrosoftEdgeUpdateComRegisterShell64.exe
1340	MicrosoftEdgeUpdate.exe
4320	MicrosoftEdgeUpdate.exe
5640	MicrosoftEdgeUpdate.exe
5660	MicrosoftEdgeUpdate.exe
5660	MicrosoftEdgeUpdate.exe
5640	MicrosoftEdgeUpdate.exe
1832	MicrosoftEdgeUpdate.exe
1740	MicrosoftEdgeUpdate.exe
5344	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
3720	MicrosoftEdgeUpdate.exe
5988	MicrosoftEdgeUpdate.exe
5988	MicrosoftEdgeUpdate.exe
3720	MicrosoftEdgeUpdate.exe

Registers COM server for autorun 1 TTPs 31 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 12 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs

pid	Process
5344	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 63 IoCs

pid	Process
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\CompositorDebugger\sequence.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\DeveloperFramework\PageNavigation\button_control_start.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\textures\ui\LuaApp\category\ic-top [email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\GameSettings\placeholder.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Settings\MenuBarIcons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Settings\Radial\EmptyTopLeft.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Trust Protection Lists\Mu\Cryptomining	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\LayeredClothingEditor\Default_Preview_Avatars.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\StyleEditor\style-elements.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\chatBubble_blue_notify_bkg.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\sr-Cyrl-BA.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\ja.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\Locales\ga.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\9SliceEditor\GridPattern.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\VR\notifier_glow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\AvatarEditorImages\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\AvatarEditorImages\Sliders\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\AnimationEditor\ScrollbarBottom.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\CollisionGroupsEditor\manage-hover.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\LayeredClothingEditor\WorkspaceIcons\Mesh Visibility Icon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\VoiceChat\Misc\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\textures\ui\LuaApp\icons\ic-more-friends.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\StudioSharedUI\menu.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\VerifiedBadgeNameIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Settings\Radial\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Locales\fa.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\Locales\pt-BR.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_12.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\sky\bn.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\DevConsole\Filter-stroke.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Vehicle\SpeedBarEmpty.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\RobloxPlayerLauncher.exe	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\textures\ui\LuaApp\icons\ic-more-create.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\textures\ui\LuaChat\icons\ic-check.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\DeveloperFramework\UIOff_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Keyboard\mic_icon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Settings\MenuBarAssets\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Settings\MenuBarIcons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\textures\ui\LuaApp\category\ic-top [email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\configs\ReflectionLoggerConfig\EphemeralCounterWhitelistMock.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\VR\Radial\Icons\2DUI.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble-tip-right.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\models\ViewSelector\Axis.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\Locales\bs.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\PurchasePrompt\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Vehicle\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\PlatformContent\pc\textures\metal\reflection.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Trust Protection Lists\Mu\LICENSE	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\fonts\families\BuilderSans.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\AvatarEditorImages\Stretch\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe\" %1"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdate.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\a.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 821850.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\a-literal-baseplate.htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
1188	brainsense.exe
1188	brainsense.exe
3276	msedge.exe
3276	msedge.exe
5388	msedge.exe
5388	msedge.exe
5232	identity_helper.exe
5232	identity_helper.exe
4428	msedge.exe
4428	msedge.exe
4676	msedge.exe
4676	msedge.exe
1144	msedge.exe
1144	msedge.exe
5840	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
752	msedge.exe
752	msedge.exe
2552	RobloxPlayerInstaller.exe
2552	RobloxPlayerInstaller.exe
3480	MicrosoftEdgeUpdate.exe
3480	MicrosoftEdgeUpdate.exe
3480	MicrosoftEdgeUpdate.exe
3480	MicrosoftEdgeUpdate.exe
3480	MicrosoftEdgeUpdate.exe
3480	MicrosoftEdgeUpdate.exe
5344	RobloxPlayerBeta.exe
5344	RobloxPlayerBeta.exe
3044	msedge.exe
3044	msedge.exe
4160	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe
3720	MicrosoftEdgeUpdate.exe
3720	MicrosoftEdgeUpdate.exe
3720	MicrosoftEdgeUpdate.exe
3720	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3480	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	3480	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	3720	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of UnmapMainImage 3 IoCs

pid	Process
5344	RobloxPlayerBeta.exe
4160	RobloxPlayerBeta.exe
4424	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 3876	1188	brainsense.exe	81
PID 1188 wrote to memory of 3876	1188	brainsense.exe	81
PID 1188 wrote to memory of 4036	1188	brainsense.exe	82
PID 1188 wrote to memory of 4036	1188	brainsense.exe	82
PID 1188 wrote to memory of 1200	1188	brainsense.exe	83
PID 1188 wrote to memory of 1200	1188	brainsense.exe	83
PID 1188 wrote to memory of 1964	1188	brainsense.exe	84
PID 1188 wrote to memory of 1964	1188	brainsense.exe	84
PID 1188 wrote to memory of 652	1188	brainsense.exe	85
PID 1188 wrote to memory of 652	1188	brainsense.exe	85
PID 1188 wrote to memory of 4236	1188	brainsense.exe	86
PID 1188 wrote to memory of 4236	1188	brainsense.exe	86
PID 1188 wrote to memory of 2916	1188	brainsense.exe	87
PID 1188 wrote to memory of 2916	1188	brainsense.exe	87
PID 1188 wrote to memory of 1284	1188	brainsense.exe	88
PID 1188 wrote to memory of 1284	1188	brainsense.exe	88
PID 1188 wrote to memory of 4376	1188	brainsense.exe	89
PID 1188 wrote to memory of 4376	1188	brainsense.exe	89
PID 1188 wrote to memory of 2128	1188	brainsense.exe	90
PID 1188 wrote to memory of 2128	1188	brainsense.exe	90
PID 1188 wrote to memory of 2320	1188	brainsense.exe	91
PID 1188 wrote to memory of 2320	1188	brainsense.exe	91
PID 1188 wrote to memory of 4204	1188	brainsense.exe	92
PID 1188 wrote to memory of 4204	1188	brainsense.exe	92
PID 1188 wrote to memory of 2592	1188	brainsense.exe	93
PID 1188 wrote to memory of 2592	1188	brainsense.exe	93
PID 1188 wrote to memory of 2124	1188	brainsense.exe	94
PID 1188 wrote to memory of 2124	1188	brainsense.exe	94
PID 1188 wrote to memory of 240	1188	brainsense.exe	95
PID 1188 wrote to memory of 240	1188	brainsense.exe	95
PID 1188 wrote to memory of 3088	1188	brainsense.exe	96
PID 1188 wrote to memory of 3088	1188	brainsense.exe	96
PID 1188 wrote to memory of 740	1188	brainsense.exe	97
PID 1188 wrote to memory of 740	1188	brainsense.exe	97
PID 1188 wrote to memory of 2348	1188	brainsense.exe	98
PID 1188 wrote to memory of 2348	1188	brainsense.exe	98
PID 1188 wrote to memory of 5104	1188	brainsense.exe	99
PID 1188 wrote to memory of 5104	1188	brainsense.exe	99
PID 1188 wrote to memory of 780	1188	brainsense.exe	100
PID 1188 wrote to memory of 780	1188	brainsense.exe	100
PID 1188 wrote to memory of 552	1188	brainsense.exe	101
PID 1188 wrote to memory of 552	1188	brainsense.exe	101
PID 1188 wrote to memory of 3680	1188	brainsense.exe	102
PID 1188 wrote to memory of 3680	1188	brainsense.exe	102
PID 1188 wrote to memory of 1592	1188	brainsense.exe	103
PID 1188 wrote to memory of 1592	1188	brainsense.exe	103
PID 1188 wrote to memory of 2864	1188	brainsense.exe	104
PID 1188 wrote to memory of 2864	1188	brainsense.exe	104
PID 1188 wrote to memory of 3268	1188	brainsense.exe	105
PID 1188 wrote to memory of 3268	1188	brainsense.exe	105
PID 1188 wrote to memory of 1224	1188	brainsense.exe	106
PID 1188 wrote to memory of 1224	1188	brainsense.exe	106
PID 1188 wrote to memory of 1596	1188	brainsense.exe	107
PID 1188 wrote to memory of 1596	1188	brainsense.exe	107
PID 1188 wrote to memory of 948	1188	brainsense.exe	108
PID 1188 wrote to memory of 948	1188	brainsense.exe	108
PID 1188 wrote to memory of 2284	1188	brainsense.exe	109
PID 1188 wrote to memory of 2284	1188	brainsense.exe	109
PID 1188 wrote to memory of 2608	1188	brainsense.exe	110
PID 1188 wrote to memory of 2608	1188	brainsense.exe	110
PID 1188 wrote to memory of 1956	1188	brainsense.exe	111
PID 1188 wrote to memory of 1956	1188	brainsense.exe	111
PID 1188 wrote to memory of 1348	1188	brainsense.exe	112
PID 1188 wrote to memory of 1348	1188	brainsense.exe	112

C:\Users\Admin\AppData\Local\Temp\brainsense.exe
"C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3876
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4036
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1200
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1964
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:652
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4236
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2916
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1284
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4376
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2128
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2320
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4204
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2592
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2124
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:240
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3088
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:740
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2348
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5104
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:780
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:552
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3680
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1592
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2864
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3268
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1224
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1596
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:948
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2284
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2608
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1956
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1348
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1388
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3040
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3208
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2136
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3540
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2604
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5088
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2668
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:852
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2712
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1300
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:416
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:392
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2872
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3536
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3660
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:484
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:752
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1752
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4256
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4576
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3068
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2036
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2912
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3944
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1484
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2408
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:380
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4356
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4660
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1304
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2648
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1352
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1836
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3772
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3740
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:840
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2908
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2876
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3472
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4536
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2112
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5020
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:784
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2704
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4144
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2352
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4644
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1736
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3372
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4284
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3336
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4968
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4120
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4076
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5068
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2080
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3748
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3480
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3516
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4992
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3504
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2272
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4184
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4052
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4048
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4604
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4552
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:788
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3212
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4700
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1756
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4152
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3076
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3000
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1136
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4064
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1232
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2552
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4140
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3332
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:224
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4500
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2860
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1696
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:708
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4768
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2664
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4760
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1440
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4296
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4280
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3044
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2732
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4432
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2584
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3508
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1952
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4440
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2004
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2108
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4488
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2620
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:388
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2148
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3792
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4716
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3328
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4272
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4580
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1880
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:340
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4664
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2828
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4608
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4632
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4724
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:4584
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3996
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:1344
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:2508
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3720
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:428
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3036
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:3564
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5124
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5136
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5144
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5152
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5160
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5168
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5176
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5184
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5192
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5200
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5208
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5216
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5224
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5232
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5240
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5248
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5256
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5264
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5272
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5280
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5288
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5296
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5304
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5312
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5320
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5328
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5336
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5344
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5352
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5360
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5368
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5376
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5384
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5392
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5400
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5408
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5416
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5424
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5432
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5440
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5448
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5456
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5464
- C:\Users\Admin\AppData\Local\Temp\brainsense.exe
  "C:\Users\Admin\AppData\Local\Temp\brainsense.exe"
  2⤵
  PID:5484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\brainsense.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  PID:5552
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\brainsense.exe" MD5
    3⤵
    PID:5576
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:5588
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb62353cb8,0x7ffb62353cc8,0x7ffb62353cd8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7024 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7076 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:752
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- - C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5200
  - - C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Sets file execution options in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3480
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3016
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1340
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3720
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4912
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4224
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDRCRUZGRkItRjY1NS00OTA1LTg2MDYtQTA0MEE0MTRFNTM2fSIgdXNlcmlkPSJ7MjE2QjE5OUQtNDk5Ny00ODZFLUEyQUItMzNBOTdEMDA5MjY4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNDk3N0FFMC1FNzM3LTRENzEtQTQwOC01RUNCMDg0RUZCRTB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDMuNTciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Mzk0MDI4NTMyIiBpbnN0YWxsX3RpbWVfbXM9IjE3NDkiLz48L2FwcD48L3JlcXVlc3Q-
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        
        PID:4320
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{04BEFFFB-F655-4905-8606-A040A414E536}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5640
- - C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\RobloxPlayerBeta.exe" -app
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:VEy00DEgfPb4PfQCUgsrZpxoEv96GuzCEhrCNzj_aPNb54pvuJ9vhq7lgS1xQByrOvs9d5bTZpQIFTS2GMj9oRUF8cFFlC-wDm07sV9Idd7G3mbfJ7jh4Z0L39zGrJqxag4vN-aOIUPVCambUBQVUMfxij-xmltn22bZtCV4LSjlwvo54AGAZaDQIzJbygPRpygvD3mJu9y0jWGZvvC2KKgjebllueITovQQGlDCzW8+launchtime:1710109990649+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D220609443246%26placeId%3D4483381587%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D8a96a2cc-2927-4650-8310-fff6f28b7b1f%26joinAttemptOrigin%3DPlayButton+browsertrackerid:220609443246+robloxLocale:en_us+gameLocale:en_us+channel:zexpcontrol2+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9635442541218786582,11422790155267571937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:EevNF4xXBN0cS05fvYwkO23mn52yhI5uMKxSEOhveVsNwrxYm_vWa4okn_uJ07CNk5_-ZzRNWyi7H2g6LMCfM-s1540c2XOLNxjUZQ7qxQMX0TCK998m4LuyqrJ9AA9sUtpcqNevCgBJVErN8q_CEDf9O6-l2mo8Dry76-8LNBdswQ6MsFkEzjpW2I5F_gRFv4m33qj_C6ixDjAt21WGV20RbzxlAFfYp76o5JCFDh0+launchtime:1710110042637+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D220609443246%26placeId%3D4483381587%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D1f5cb586-2858-4448-ae98-34871fa3893d%26joinAttemptOrigin%3DPlayButton+browsertrackerid:220609443246+robloxLocale:en_us+gameLocale:en_us+channel:zexpcontrol2+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1280

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:5660
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDRCRUZGRkItRjY1NS00OTA1LTg2MDYtQTA0MEE0MTRFNTM2fSIgdXNlcmlkPSJ7MjE2QjE5OUQtNDk5Ny00ODZFLUEyQUItMzNBOTdEMDA5MjY4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDMkVEQjcyRS02RkVGLTQwM0MtOERCRC04MjI4QTMyRDE3RUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0MDM2NzgxOTkiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:1832
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97AE0AD2-7577-438B-9B1B-A6C50F102748}\MicrosoftEdge_X64_122.0.2365.80.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97AE0AD2-7577-438B-9B1B-A6C50F102748}\MicrosoftEdge_X64_122.0.2365.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:5104
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97AE0AD2-7577-438B-9B1B-A6C50F102748}\EDGEMITMP_B1B02.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97AE0AD2-7577-438B-9B1B-A6C50F102748}\EDGEMITMP_B1B02.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97AE0AD2-7577-438B-9B1B-A6C50F102748}\MicrosoftEdge_X64_122.0.2365.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:5412
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97AE0AD2-7577-438B-9B1B-A6C50F102748}\EDGEMITMP_B1B02.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97AE0AD2-7577-438B-9B1B-A6C50F102748}\EDGEMITMP_B1B02.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{97AE0AD2-7577-438B-9B1B-A6C50F102748}\EDGEMITMP_B1B02.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.80 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff71da969a8,0x7ff71da969b4,0x7ff71da969c0
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:2288
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDRCRUZGRkItRjY1NS00OTA1LTg2MDYtQTA0MEE0MTRFNTM2fSIgdXNlcmlkPSJ7MjE2QjE5OUQtNDk5Ny00ODZFLUEyQUItMzNBOTdEMDA5MjY4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5MzZBRDc0MC0zRjBCLTRDODMtQkRBRi04RTE1M0NBOTYyQ0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTIyLjAuMjM2NS44MCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzQyMzI1ODY0MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0MjM0MDgxNjciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NjkyNDMxMTEyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZDJjN2RiZi0yZmE0LTRmYzYtODYzYS0yYWM0Zjk3MzYzZDY_UDE9MTcxMDcxNDYxNyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1Cd3UzaVloMlN1QU5YdnU0ZmVsQVlVSDVsU0M4MDBOQjRZeVJGYmJFMjY3SFk2ZVRzSW16UEJjZDl5QkRrcXpYRWRwTnZDWG1IRnZqJTJmc2NldXhIUFlBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcxNzA3OTYwIiB0b3RhbD0iMTcxNzA3OTYwIiBkb3dubG9hZF90aW1lX21zPSIxNzc0NCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2OTI4NzQ5MDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NzE1ODI4NDYxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NDQ3MDEyNjk3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzcyIiBkb3dubG9hZF90aW1lX21zPSIyNjkwNyIgZG93bmxvYWRlZD0iMTcxNzA3OTYwIiB0b3RhbD0iMTcxNzA3OTYwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI3MzExMSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:1740

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3720

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.80\Installer\setup.exe

Filesize
6.8MB

MD5
c7355148bfe4f8c0f4a2d64009f53888

SHA1
71f924decb8b7ef5ff4c6ddd2f6a0dc49a06f381

SHA256
d79bab271698082da29359c71051899f23f3dd956548efe0eb8965e7c2969983

SHA512
fc52ace4c524e85883ca40b8fcd2a9d25a30d99a23e0be46a7b599bea0996392990fba9cb945a6dc24ca3b65d3f61eea5ce7af9d64bac1cf13345e648fa74357

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\122.0.2365.80\MicrosoftEdge_X64_122.0.2365.80.exe

Filesize
6.9MB

MD5
f064d626150261e0d220e61a81a1979f

SHA1
56ed5e25ca002af0d1343ab362b56ffccd649432

SHA256
f7cfd32f98edf36ad480a6f9b6515c107db5f5a1e04afc1207519228123edb75

SHA512
2c506c42c26f62d4d72c33833014716a0a98bcbb6c309eb8d07e10894941b115ff6e90f5e8124094cd46b4f80b79750cb80f2af4300eb1e424505c9341c3f1eb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU6D9B.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
677KB

MD5
3447df71dfeea0a3a4603241750b4f31

SHA1
82de99a01b540f3f093d3231d829376dc1e4554a

SHA256
49c4c1ad621ce9d217f476786e9f7c7cc5dd130ef77298128f431c5d5b4be9dd

SHA512
2a820689b2c040eebf5a59265487b9d687ded05a93f3784143250ef3a47eb77b07a0a9501dbfafdf0c795d6c5fd8c045c2665f420f611c07f254f104ffa8f789

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\RobloxPlayerLauncher.exe

Filesize
2.1MB

MD5
3284c219e000b888ac6228bf8309ee26

SHA1
b869ee344489947ce759604d82103c7efbc0f7c7

SHA256
f02927c7b1dfb0216f3287f79407bd7cc84a03d55bab37e9be68d44c735a292c

SHA512
42977c6d4e3b969406818f92f605979be47f942f9ccd6280cee5c686c70c090f5aff0094cedcc7b33b39fcf7b78186933a8fd399638c0902c713d062d9b5fefc

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-97058ca6653344cd\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
9cb007327e46891ad32b301719333d75

SHA1
40847cd1a6cbc1ee256f50b61a1e0049b9ce45ba

SHA256
f2968db0115e324f7f33b28a5d87cee50d237b5fb088c00ae976180e94cff4af

SHA512
55f89bb8a2aee828ff3d7aa27d635042fd98e65453492485055cad6b50339ca5ac295695af97c3a2ef5e47b053654709d675e0db61299168da73347a83758156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7b1636f7-5b5e-421e-926e-00e34a471f24.tmp

Filesize
4KB

MD5
72a7dbc6c95a8aa76f3ba5c6713737c5

SHA1
2221753035b2db8675c461670dbac2d7cbecadc2

SHA256
4442fd2ce2b28494ef359712ab69cdf379786adab8af91a5808bcf16cbe320b8

SHA512
355396ffc056d064125e9690d532112b68992a3adbda6b4e56f51c01ab66b84a60565e0f3a81d781b32b0628195e75a57c7a3d507fa481de56eaff81bb06dace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f9f0d5155bfa7a500636e94641f586fe

SHA1
70d2bf0aff1654012f0474ea69bde5d01733335f

SHA256
5db8f9a996fabc059757ba5c89e073c522e9459430a6707c3156070cca4e62a0

SHA512
67c14895e33146e59833196b245d5c042c1a8d75f81ab1b059a9d0510d0c8f48429e5f6b408b8478244d00ac894932218acdb8c5d6fec1dbeba1bababae554c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
168064bbe19a7799b761c0528cec686f

SHA1
0e3733ebfdba2526e9ba658221694ea327bee8e0

SHA256
3d74c00cf3b0f14f583238c3a2bbdd58148518ac276fa4f1231903335078c911

SHA512
5547b49e497ff05d617044b0e79659190ce3f46c321239f2fed7aab2455766ac4e3c6bb03f34376274efbcde1c06d9d23fb2f63791530e841ff6a804a65db647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
56a5d98960093d2d4f5c8c26b04379d8

SHA1
817a10bd4954db17a2f01ad1dbca6c2699a9ef91

SHA256
d7bcc05f7a8578bda6bbe4a6503c47db0e1944d0cb6c064910f1611e6f2cdd55

SHA512
f9a09159059ad85dc827c762a2919a2cbd215bddd37c0f5087d472034bafccbaeaf7781d74cb381f0053f3fd581b7f5fb4603b08b0ec228c67353184edef2986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
05fc1852d853bb86eb09a93bea0501b3

SHA1
98e09db3b7b9d26000b29dfffdd7f549a54331e0

SHA256
56c54db9401b4965960c673f286d0dfc69b357225e2ea25de5c7aa70aee60b25

SHA512
42672071659d01e6945f07a0cac2d87646ab64e9c46b2a3977b6681753e29553b623fce179f81579b97e6323126cbc091f1419d76bf91754c435dc513d884ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1287214656e69688ae7c81e3367080d5

SHA1
008da91ebe8ffe2e0ae310de81ea3f6daedaf876

SHA256
0a2a5729453818e33922a9fc9fe0321c380a4ed28ac07d69c6bf89a0213639b5

SHA512
87ef2a659bc9c6199ba1957c04110090a752ffaed6db391f581c2d3ae6ecb5b30b5e04dd066d505488c4c3edc3728a44e85d4f520f8bc48d69cb3066808c2af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a1b33e0acb03fefcdbc4f24a9d3d461d

SHA1
b26eeeaa44349c98b10ac28609afe157b1b740c4

SHA256
e0f4a60e720fb89679279a3bb2ab2621fefe2f0b0ecc317e586af7370d54a753

SHA512
9ce9b9150f89bbf2d48d657487e222bc348ab7fead8718175a2a29d4c5ff31c74a65ca365b242ed6882214a57ad18233f167bbbc2a070d2a510d0520f4ca8935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
937ecd0d97148976c233c915fedff0c4

SHA1
5f725d257e3ddd9ce8b2ef0baa07a2d392fc0e68

SHA256
cec99f847b5a3b019fd890054e7cf0dd1cbaa3edc3a1451c7f8c2e22ad6b90cf

SHA512
02b653f43157a60577ee931c23a1b0930ad79a9924ab5480018dd590cba4b82f9743821529f48414628b110de596e0ac317556ea8eef4a4995f596e9092e849f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2ea4cacaa321fc742a17a9ec871f7b7a

SHA1
7682afe422f3442dbad849c002a609073f09e39b

SHA256
eef8c69c4d680311b34e0004097eebf3d2691804f638c912d68b314ed2b3aba4

SHA512
d69376a07d9e1c398806cbff2c99b7a520b7b5f37b85e972918ccc38dbbf7f407de90f7e299b0bc716e9fa1f8d440037dc3b888a87bd991ece9cc2804ab41f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
381fca5c4046512b6df43c1d2f7c5fd4

SHA1
3bb76648c2578c3e4979eb1379b919e9e3a50a15

SHA256
9f4baa31880263e99cca3d9f4af759a615e7a8f12d8441a0226855c92ad7578c

SHA512
fd11efe0a160087321dccafc1d89683b297edef5bb08c17512973217dc0c3fa036720f381fd4a6b912a6af6f8dfeebec7ddae59e3e8bae29ec125d4d30f1a3be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb7970431a65269c6cce1f6392d13e80

SHA1
6e81de557ea2dbea1b94268fa98835c20a17adc0

SHA256
710d10a02776579cdb9b36626ccec02985bdf3039d46da67ab98ce6437d5bc4a

SHA512
91e3780c7263d7fe803c3e854f22c7ea25024e4de44038c55da486d11334ba787ddeaba2849f0cf873a250d1f9fe58ba225a20c5e91dbe171e07ea347c778922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3326b79ba3324298cfe757515ad97c93

SHA1
5d1b8afdd0bb597fd180f4cb7096b35a19e00b9d

SHA256
ff2bb7ab5b961d949640bd432a284b5af9bbf4d9818557614f7853b59bcc39ea

SHA512
cfb6e19dc67a79dba9048013c4c4eb88a2433a976e536932bc329a0bef027d5738237c7e09d2e233491fed4a32455bec3642bae1ee2e80bbe85e9fd04e3da5ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c8b32a082698d8b6923f465bf5396ee

SHA1
3015ecd5b4e4a53031322bffbea2f12d6b712775

SHA256
9328af273ab50e21dd42910da780e1987e4768b81f1a65e7b6474a644686936a

SHA512
45919988f65842a896d1f3e763b4826e0261cdfe84e51e13b55cc9e89e9923d2f24f3dc8253a201be80adbea7b3adbb92f4690348cb06816dfc34bf8360fe2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd104943533edb8dc3ee3a66a1ba4065

SHA1
08cfb26df5bf19eb86cd6b01d5309cd0b028f07c

SHA256
ba58488e300b4e9189dfcdd4d063b9f90481eaa4a393193729b333db66cb22ee

SHA512
bf35c20a16f3c25c7823812f3638a621019a50ae113b1a6c1c70fa4aae1628ba19955aadec452451254e715a68f5c6da88d8fbdf7ec0ebcf5a250a2d52dc1d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4597a6e6077264c27b83fcc69684902

SHA1
668b281ec8d5ff688df0aef9b7ba5a49c2e42c44

SHA256
89d5bdbc2c63d975ef81590d35690797591b6586bb55ac0dd34b024eab11a875

SHA512
769968b1fe321203be137b13959836905e288b05a74a7ca16a228ff1ed0a791e3388e24cd0b02d0b8ea499db8211629b5adab76419e4adba1ee2b663a7eafa8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69c4ab7765fea82bfeb7c2bd838a04f7

SHA1
b3500683f2d0a5455a8a1d8b4e4729c2d557f945

SHA256
85090ef1eb2303ef0313d3d572e821a32bda4e7f8439de0ed12edf5b04a88d65

SHA512
763123a1dec9f664b6400b851837051fe3e4235421b706b7c7c29699e089d05507cf1eea16e255f1eb3fab57195772483ad1c0e99be9bfbcbc18551c638edef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
beeab7eaaf2cbb8439fc89b5d87c25f5

SHA1
3fcb43e51f6aa545bbfd9b87f5f4a87fa675f8c2

SHA256
7b28ba24a8246b5f78db257e15a04731ae2cc3b940fc2c861ff2090bb64f4cc2

SHA512
e7ae881aed3458121b2c62407e2b6915430d19b182daf3de6a803d1a2732379d709018555d252fef59040024c93157fa747a8afddb826db45aae8db1789b025b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ea858e5e64d8922f52fc411b5e4232a9

SHA1
00911075efde54d77207d6752a29187d7593750d

SHA256
1a3c418cc9e5ca881996d9ca6e901a8f04e42dd8eee32e1cedcb1ac3ca2b4a28

SHA512
5e061c68f196c2a93a48194bf6e1e41c9e98c213f5178eea14fead11898b5dbbbbcacc7fdd5ac1c1084d3ce33f4c75015108910e77b05fb5d14149281c277fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1175fa9d4dab5b738f51b5b90fce5da0

SHA1
6f533c086fb058277e434ffe2bde0a17a11c66d5

SHA256
84b04e9f5ff2b4b171dac1fd93a71687c1ff3acbeffc9380a409b0cff27ac493

SHA512
caee86c8576477cf6349f5cf8cc93b3cfed412ae3e6e1c49902826d58dded63443ed1775ea75a8b4b95243ee23ecea5fd9d4b177c75081386681aa9d14778c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9ae24346234a515db9f7e5b8ffc84ba2

SHA1
d18201e9eabdb766311fb8fcc2d0efd4addc5ad8

SHA256
7c56524ed1e9fc2550a392514c3768772c47c5eaa176fe87245d8f37cc1153ca

SHA512
cc8a96f57a6c42ffddc25b0170c6e9c494260fed67e6a61469d5498819eba77b2c0299bafb8686d1583a0e5b47e735d0b157efc7778a54f4e21d22a2c0d69dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e7ff27a200031ebb5df1db947eb15850

SHA1
97352955b6cbde10ef58f395381540c2ad606ec3

SHA256
89802ca75321a946c17f515a4943cc0d2d3944690490192a9c85fd447121ca97

SHA512
0bc060d09481310bf082d4d4d44b279a8c5e4eb8b5d0858ab6d115939e7e91a8eb8ed30870094ee247896f4673c568924b8fbdc2b4e3301c99dde5ffea7a1caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
be2c2632b1234d443065a21cfbab6574

SHA1
dfd45ba3027370e32db5622e6f4ba325591683e4

SHA256
87325f5f0a4cd9b3c04368f42f2a329f45c32c2b2ce7598fb2456393535def32

SHA512
642e14ed4f9bf655ff55a6ac260a52b1c5c609f35bafd84d95413aa60bd94db260e6d4fa907b2ab1587a932bb6e7d8bbb029b7142eecec6f7872b9a5b6105c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2a407661575a1f4d1ce44e7fe574605d

SHA1
826864bff227b4fa911862f8c3b6b6df820f2217

SHA256
2d8f51d1682e6a1b8468c980b6acb38952131bd53d7281722baa5f7eba06d4bd

SHA512
2db372fe28250c72edfc88c415729a0b5e83aec35850f3ec171280ce29191b5dabd7980700efd351991665049ebcdea8720bcd34010ad0270c12e6f8ebc5b250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4b6cc9823ac32feda0356d5d34adf6f9

SHA1
0c2b7fca6004bf98b68f3a8e93f1ea0040e16c01

SHA256
80c672e28ffbd950d845c08cc44fdaeaa27acea9a6afdf63603dbd1178e4e9bd

SHA512
f875b9ea3e77d39e34c438bbd79af576bc18a95b5399ba2de2d35ca8fbfcd0f88a83117055806bf2650e062f3bfce0b99bbefcfbb897ec68256a8b7dabd451b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
282f1851ebc2f6100f8e24e068d6580d

SHA1
7fdb0dbf1baaba17ff137e81f1d36b7985b4adb3

SHA256
2090f275a2116e246460ccc0219e60a94e80cc5265ffbf0254a8d1297505de1f

SHA512
2668a268d7087553c951c0b0614bc85239549d085bc03f6205bf703b306ff69f9553dc0bc8ffac9009a80f3ba3ea93cf8e491973617f710a904fc73431e958a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
571790ac58973a87f1343b991a741ea9

SHA1
22367d79167e4fda84c74c8622f66665bc3e6ed9

SHA256
4ff8b79e46198311c01c6a7ed30c428ae8b36a9b166d8d4c1fe9f3d3e5ea3d17

SHA512
a5ef165a703939e66e34630b5e4c175c3a69e44fd2b177e4157c984f10715250e65c56908185a962d58976709eb9371785dadd15594e1a90183b4c7b5952b0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
af7fb011434740b7aa03cbf4328da744

SHA1
a78d361621efb86fefcd53975707f72dc948c25f

SHA256
a0e39a155b9ff78d9a615cceb8ee2f8e48c25ab7a1d192b1aa73f1cb72b36907

SHA512
231557d4175bc38fc3b2763795521ba321bac4616bb0a3e46b98cc3b5190dc4782792221ce7ba7d9c4ef13554bdb7c296d777ad71d18b53fec322582e276cb44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1bbc49ab6c7df5a1802f8a56eb237206

SHA1
0e75378949a6c849a0b17bab17eec03629de6ca9

SHA256
a4c384677859328ad5fcdf1c5180fe1c0e38638cf0f8d41826412f27b0ada0ca

SHA512
82101ffca24e58430cece47d5be7f16e5a24ebc25088fb16ed02646a10d82a4497aeac1600501db5e283a0980b5d32493e6eb79cd6a7cd2b3a79ab42d5d2c62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7f24fec852e61bbd2189e5330dbda145

SHA1
45a2195034f84038fe1127e18d2f701471d80d21

SHA256
235995bd331804c2328cc2c0e6807190a80018a7cbd1a4856aba75c17f84027b

SHA512
102d8d339fb7a86ddd9826f4ffbbf75af2b6a0d480a90232da248483c331853eb95de7edd512c76f588156d2153f061e77ea0b97023710dcd4c2da3ae05f38c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bbc2daafa6ae2f6bd2aac608bdd83b80

SHA1
a701eb35398e6c0db167e55f3ffd13c2f373f588

SHA256
e864110901f3516817b9c3484750648448d7da022ac7f833c5474f5362cd4415

SHA512
cb6f3ebf6917582bbd356dfd01ff1309138f06f317d2149621fd7561417bd218d693d761b21140e3e769b0a1d42d88ca0303214e5badb71bf8ad91f0ab6e630d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a9679cddcfc8660334ef9907078ba3d6

SHA1
9c447bebc3d1ce20e81d6c7070a0629e481b8171

SHA256
a05f4a773ef26f72e6296a9db1e1df17473e396c68d490ff975d4fd801b01f6a

SHA512
df692b828c03694fbc4f120ed0d3d2ec9f0eb2e376b9c64598a44d70ad1d019016e04328fa21e7e92781f09c272f207884e7ad26061e8bfcf3716470bedb7e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1452f85f3f9bfa1ac423be746fbebc60

SHA1
dae1bd3afe9043d85ee4447835356c6d285016ce

SHA256
00a7ab1b03b8dbd4726faa669c23798ee18c74f099a8bc9e8992197b6e881d2d

SHA512
429aaa451fcef7249c8db82819570e8485370e4627e6aac64c7f9d684ecae92a673c050f0f7d8b6bb0cd8b4c4db7d6017f8266b4ba283fff67de50b7a7f1875f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2b511432aaaf36473f6d0ba57bd4d9e7

SHA1
cfc4f133b8478a7ab8ac210b556acdf3ce21d407

SHA256
fbd763f7c7994d98a874defd959e11c28023e7def9724f535d042d9517e485bb

SHA512
a1b857b4aff0291a581445e0a8c7aca5be65f86ae9ff639e5adcf840db171f1e1e2f288a271a68c95d52a7fa105278e04eecfb6d4b860dc05bc66f8a36ac779f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1220ce556c44d7793e3cb46978756c13

SHA1
5fc0e66396c5169cf5089fd536bbf840ff5240ad

SHA256
f640efa3345c285fa9592a2b9ac1b2f8a1baef0558e6993f73a52392f22674a7

SHA512
c9cda8be4991a7054cd76fc227e27f3b75f86784803cad0ff5b0379b67bf8f485a8cf1cbb9d988fab76e9a6368c6d28b1feaf4071dd5c8b1db27982f48c64715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aff3a4eb7b25549518f318363bf0745c

SHA1
dedb2f54b1a38fb57a459bd73515c797f9ab11e0

SHA256
255af76241a05237700a3fcd610e0050600c8b5247636a214565bfc0591ed6d7

SHA512
3a50acbfecdffa96611687ee618d29eb48ef8c0a1d4fc0fb8009a9c8de9c4438c44a0935520458dbe17ed96565e34a123550a0c06a41dbbf3775be3610b5f903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
139836f360f02650795bfe03c5de56e0

SHA1
4c729dcc191e8b7d74eef1c4426af8a55f83afb2

SHA256
5770f938a1f5d7f0715efb5259ec30850b1d31dd618f0b93c9f4cc0e298a3b68

SHA512
25ccc8a45ebdb488711761217737dc51f7bb9b227d9dfd51e8814e21b4ef3ed8dd0395ba942b2ccf345a1e5c27e6301e92251d3c5c01d5f73fc618a5d195d660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
55d927a8b4c67a00df205e87f326d3ed

SHA1
f98abeddae6548f43772655aeacfcfdf9534e7d3

SHA256
21464b34919d79b9c9c7bb78e36ff66bf265124e223d8231ca5d7c3f0ee76d89

SHA512
5f6095fa90003a4b2b6e655b7b166a8a7b92f1b5bace69c0648b90ef3720e17086372f8a293b2a8b8d8092a175b8b63db4bcc11a3b6d891d67a43221aa19545b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1fe91c3e3bb12d3ad87fbad1e889651c

SHA1
1fe446ca693312d24a2aca57dfc46cbb8504db11

SHA256
bbbb7b1315655481e30b775374a150c3119efd5290fdf43c5cf93a291ca5cf97

SHA512
968508eaa2e1fa5327cbd6b1c2fdd19d11ea2865ed8978b5048aad7574b3b1480c411aaf60ca2d39bdfe7f30848de06b8a9e9b480b2daad6378fc8aed1193d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
40a70476361e2a3b446389aa09301e3a

SHA1
8b1a22c8d8ecb8d950ea7668bbcd6053f42b94c1

SHA256
50a35f60fac5b4132b307789e87cf9795aec1c96dc93164ab71d62236571ed14

SHA512
9e6ce36f38c2229af82e99d64bc4e6f0619fc627f0742d6b38f586477a088a4e46e47a673414147e4595550f7971ebc035c5e74a251f42e5ac344ec63d8d3914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
55257a41f9c0ef863dd1d50b80bd5a65

SHA1
5295e22b2c1fc40de8f617093b04b9f583556519

SHA256
2304c2fc9cf9c252704fbefe14b43905b66a825747bd931ac2b9ef671500804e

SHA512
49b5db1fa435f5f5e59f1bda8ef3b7cf2f79cca60fcc01426430cc16fdeca35779fa356a23fc38f5b395a683dba8ab27b361fa92b78e764b87559a7e2d1ba15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bc1f34bd1640d879c6cc71ed3ec74f13

SHA1
c8a3e9bb6cc6d4937f969d1ed4dc425a14d9becf

SHA256
07cedf4c495a166787e4f49c91423a2b78457b689b2d738362f34e19f15de354

SHA512
f48e340ac5feb5ad9d4dc0d3c1c3a077aac30ab017b3c84fba341bbca65a8cdb6478255fdba39ce70fe0c734f08e793ad32c695a25ee6ea0afd4ee39d60f2621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
28ee6fecc41b3924e13969dae386726a

SHA1
b1c1db8383c80041b251a83c408ed6a34868ac54

SHA256
f6bf0e29e0ef3e14c339b9086bdf9d962daa7f18f114f066f0c32892f4f4ff71

SHA512
658d9b1f653d0ec98971901f83a1c57276507d78a4511644ca25b1a3ae4f5dc7b16c18985b59cbc9129ec1f157b428873c5ab5abee1996d601348b12b30cd3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6a484847cff5ddad18af27dc8d770359

SHA1
7eed1ec6847f0110fcdc7de482d20d82a1a1bc2d

SHA256
971f2d22b7f0723268f081b27e64b00f31524c55630b75b5c32a704a63cd475b

SHA512
dbfea9a22d8bfda41bef560012dae316ce318ff5db9b8ca16efbb2bdf22a1281bb392407c5f9aa5f4641832cab5bf9310454a01e739d15a01d12d39e20ac4585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
83cbe4ec6bb505f7d3ecb19aff39e7f6

SHA1
4af3a55c8683d1fc2d09441f95cb60d237ccbb57

SHA256
9a4fb8eac3204affa7a2224634eed2af3e5e476d31bedf2bfb53e295029c96c0

SHA512
340081bd223a66b9bd7b83d17f26a2b22a2fa7a62fcacca638fa27fb29889febbf07435f9f6f0b14f2ff795d26713f90f24fd9b0eedf3413794dc95944081f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
766d74ffe2d9e22ce55ce0c112fe5da8

SHA1
4127d8a8dbce7c1c2ffe24fc24445d4a158f9b72

SHA256
4d0346c0c4d3d78edbfb86b0e1b3d4fcc460a875dcfbafbc51e31ae656de431b

SHA512
3a6719b2f5bb948cd0b89cfa610c741eb47ee14ee01a35adebf42c1b76b5daa991f51001aeac0a5eb173cfa9ab3b95c5162739802d877f14f3c96346f2871027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
435539464ece0159ff45184c95ebbb95

SHA1
af67078ad3dbf37c51c5a1bd0559ae46a73631a7

SHA256
2ca3c427fc15cb2aedc98382cb0b8676c923b06ca96e7a9dddc04f71bd21ff73

SHA512
ac0bf7ecfad7417b88b62ed5064d82f61607b74fcfa1433413976de183b650f8dfa9680b95a7ed02359a4c5ba66fc2aaf315a460e5471d2751a580d7ba61d973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a2d80cf913f7657ae88cfd16450740e2

SHA1
d2c4a4fae8026f4129413d0d5749fac6b28f0fb1

SHA256
a2aee047fd165099d26778603742a0a764da8e88683f25f9d2098d197f6ec7f7

SHA512
c46c2ed4bb8b489e049bc6cc447f8c4b49f042995487f1cc76f63e1f5a6cb7532e692220adc526d95dbed53731a84fd7b5d0b9d7daac476d391f5b3d2113730e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ff915a139bb4b6d071035754ef06e7b3

SHA1
3bad196956b61a1e374bc08d28be9832f56f57fc

SHA256
c278764a693e261b9b94c5430dc19743a567c7c435e25e9fb6b56edb5e43487c

SHA512
4ba77070b6819826ac2ae27e0a567a5eba5811610410c966f2ab911db095b19c48c085fc778975352f5da9c3cbbe033c030105a68545caea6b44429d85776842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
92077a394280838175f833744cbbe3e3

SHA1
b26c0de585ab06a2f27c38669176be0e16db90fe

SHA256
785a1a16e8ce1ca69e4f1d0352c21920839a3bf4fe37674de68a696f695eb3f6

SHA512
0579b4e13825ba8fedc0a5902119b153214978cedd1a6a3e8f43aa27a5d76fd6e2f174b40d2055a21b341b691716250d2ecf817eb16d9f918b491a94c4f5bacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
23fee7ce86c0f4ebe29128bc7f28e910

SHA1
09e89386b4dbc131c7980befcb12c4281781cf6b

SHA256
252f3d692955930d5073b3a3fe6b686b4115e94546b24c9eccdc9bf968aa0aba

SHA512
aec0c1e2eb5f1f9ba4d18bf9628d65088ea84d39ed758800b73888ac7f00eadc919db677365fd5fd239c9bd072b6072023fabf40b16632eaffba8c4e06a0d93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c804780892fa754767779555eb400072

SHA1
cb9df5bc73bdfb526073b955a50321a69b700dd7

SHA256
195c2b3a51954ca29a474c4f4c913f50b161f8152a920ebd918eabc7846b84e2

SHA512
1bcec3a4c0bedd130f5ed142b8a52d53ce690907fdf911604b0d6e29e7ffa206b3b24fe5c698c330262960964a3d27fc670a49e8b4cf8adb87b6b75fbe8d2ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
27413a24b451b80a38f4c4dfc75dab66

SHA1
032f08ff13f35d81adbac0276e029d4dcaca405c

SHA256
e93f4fb820186f05f4ddb67e6ddd5a9010bd3b81c89a6a8346b2c52a37693d60

SHA512
81894c6c4472481f0671285e28d87303334cfc8380650190f53ef397cd1880a684a1b843ecca022be9145813e3a3a4bbda10e259d446dae23af385d6b84e13a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cee465dd9500edd5569295cb4f7c92b4

SHA1
2318f92906d55eb7d5ef3ff1e0fcd95a232c7500

SHA256
065597dc95fa9872e763d2e39684efb6d690aa03f79c4cf4962fd454022dc9ba

SHA512
9d1cd3974143b3348d9e1ace7aaf633a096097790909b38066094e5111fd68298bde84891e72d2f23aa5025d5d2bf18f54040870f0a07e7a621ca470263d8130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1aa5e6f859ab5b9e7a36d252e531ff01

SHA1
1fb58288f65b6ab31ed6b2ac259feb1b684baa08

SHA256
9b5cbd671ec47756bc36021893d343905ff31e509f73e89308a30a7deacf6c19

SHA512
53e614dc85ebdd6dab96fb5f3f9d03ba5848eaa7c46502a9501e7d0ebb98e3abd444d4df04e836ec2551e0ad9b3569e489da8bd9d6b38dc32d7efb209ac92fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2b31c3269eab2c8a75ef4f7189411f93

SHA1
363527b0013650e7912945e17defd0171b3c6fda

SHA256
0249d6125335435038a4c77319faa78feab699e0f02b2e12ab5028482c3cf343

SHA512
9f595952102eac4726f8a7cd6c7cb116d98fa77229882524f9d8b8d8fb00830f741c83e0ff71f6a2e41ac1cdbf5633e76feb7ddc82b229ab149983275b5ef65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1d10cde7eefd001dd9fb2efc2761291a

SHA1
b77043174d7f487d9c14a944b4bf79484529e729

SHA256
ea09da2211fb02d3bf2821e4680ebf3398d4db0a9a79bf36cb716ba7cfbf6eba

SHA512
d3eb138184a9256797c3f3ee508ba49893a6571fa61c15c70ecf92823596a6ab4402a74eec766493857a11fac9463c40866816c21607458b0188ea2472fbd4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5dc4c87061e416d36444408eb7b721be

SHA1
2867f052b285470e5ff4565cdedf7d4108bebdd8

SHA256
fcfa1e0ec2fa3e2d0fd3b8d8c45bd03ec3a56f107b507b94851af65e15a375ad

SHA512
5c211ded9a76fa3e8fd66016c508f3f2ee7338eedbbbe89ff5b3cc0120af47adb07f9f99851b68e24335bda4fe25a30fc317ef3f17e0fbc59e2d0d3ee21a4899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595c9d.TMP

Filesize
538B

MD5
29b127310a8b3ad6c85407da0f84f56c

SHA1
22c5843f8fcd0aa8a25654ae89971aac39390e0d

SHA256
c0d55ec304b06c51a2f3db76c9d4e23f924bd4d384c3b41082b2304704873cab

SHA512
e1b147fd327eedbe46f3e77277de51db4387fa2b108d854e8e079188e6bd2039d4a2d84b9a5aad3a9c0f02580149f385a4ad4e1433daead6a78cf88be62e9879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ec9f4e57-9e1f-4d83-a479-d71d8935c6b3.tmp

Filesize
4KB

MD5
ededa9fd22328bad5934cfebd5c29db4

SHA1
73191582aa2c448c4c89045b7e1682742a0538c7

SHA256
73da480e9ed36ad2fe0b9e45fddc6b018d99594db0cd91ea1a7c516fd146262a

SHA512
9475dc739ff03d7ec66a8fd0f5dc3d32f0a307ad440b0e8e9673f0b86ce2396ced9f4d40c9b4e98519fbd036079956cdf6dfcd29ae704ea6d72b4237b52e44ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8aae4b3d1742ba4c6cf83525219c90e9

SHA1
5a665e88b27ff60d69c7c8db22743c2cd135423d

SHA256
2d8bc099f6e2aca211067bd337e6bc1e523b338fa53204971fc197e75ade4d2c

SHA512
006437f6328856e7666d2dd9dfa14717775588e36c6b0cc556e30520c6d70af92803330927e3dcd2e69bf32328ad2eeb114d74450a8d99f3cf5fb650becda5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
429db3c339697add8c0513490a27ab6a

SHA1
655a20faf80bed7ccb7e4f8c63c10e217bb670a6

SHA256
3a7cb6042eb73c1c1668499e7a2cbf4f9aa86edee6b3736a22046eebaf11aa56

SHA512
08ae59cfcbc03e4795ccfdeb01ed5318af4835b4f08542f4a8c7694c083a6c45c71e50aae56bb4280b50c27ce609133e4dd5c082547ae90a15c2a70b417c2d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
95e8da9c9ca0180f9cd2856b9e9d4786

SHA1
964bef63777d0713d6c4aa4dacb42202955d8f2b

SHA256
cae3f3af3c60add56da5153c77c8ef1b25c46b35b532fe3bc88a71db4d53431e

SHA512
f62e4094f1d5dc546a8cbda72a3a4caa35710b5a034161254251016734bae3e7e9280a9af9b89ae916b646ff9421b9c815a6b911344539dce9d6618a1f595e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f1b693a0e7f30db0cf454e03ced34f1d

SHA1
ea61f8943cd8b571c12c42b327ff2e9129c7e6aa

SHA256
eb69c550514c9d7dad41927d875998928e6efd8ca7e2808d4623b39698b40e70

SHA512
4bd1f36765ae8e32eef0d046a3c5634f4b1dcc78046dd0638fbe6288ab12dbde13cc46b6e1f5e8081959ae24cdb1be85c56d830ee35abdb3c95b29d9285707af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d7195ad0bb071b6cef0f556a885735f8

SHA1
3d08edad6bbeaaa68b31e8deff2b8b625d385020

SHA256
56533770465e5004cb698bdc5e04b10ed2e24b833b82ee77da076f773fb5aa57

SHA512
d04727475f7fd3291f21f692b9095b773bb7dcb15b5e9e3cdc001b9b0630c0cf0452c895030f189af7a43c6ed7130d0633ac06f76b316b2680ce1bfdefcdaac0

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
4.6MB

MD5
b090d2f2f22eb863bc1b19c0ce9d24ba

SHA1
92d2469466f72e05bfd1be8665673b46a8523077

SHA256
c2d04ac5575a8bad6c839b9471a7271a3d074e2f2baffed87f679be56902dd7b

SHA512
a61ab0a46af72777268662a8db8db010f6b30014a4689f08302eed56381098e5e6f8d7a7b7c0cd32e16b53a296c4ee86d9b69cbc9abaa6f6b146d72d630a6312

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\a.htm

Filesize
1KB

MD5
d6af7156b83b7122920f7c8760fc1243

SHA1
11f7d682d68344c2c7ebf2c0fe438ba25ea581f0

SHA256
f7d3f720e31e129a905735d0c96162cfa856441909289c5c7bb237188482f8c3

SHA512
9293b7adc774b78b8b157caf7eb369f62ef6595a832b8f898f8ba4163e2b8a9f45b598f95a05afcd01076a0ffb1c6be7821d5e6dcc6581f77cc750308b66615b

Download Submit
C:\Users\Admin\Downloads\a.htm:Zone.Identifier

Filesize
423B

MD5
6f61402cca71f7091bbd274bafe8a501

SHA1
61b3d299194a395dd9a82955629c2beb4007008a

SHA256
0f2ccef31745c5829f9721126100d3538d502c80a8f6b7fed135eef73447a93c

SHA512
586db671c1316192206607fd2dc9c6cd21aae1816e4691a74182983ebfe6244dbd59c4553d64d6bf25ca601b0fdc836cf951eb2d103306d65bf158914e0cd5d6

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
6afcc24903c91d7a9705601d0e3fec83

SHA1
cdfd81fbaa0adbc832cc94c79419809a03d3ea39

SHA256
7817283c79c9f4769715484b6e8a5d03d42d6087f976a4c2ac594c64b99e4eaa

SHA512
3ce1d84b84a3c31f6b50172bc54d621932d01ea36233dc1ca149b1fd558d935126e8ea84fba76039c5b5ce228a1efe334176ec37584e2168480b5934ad96c619

Download Submit
memory/1188-119-0x00007FF7EE8B0000-0x00007FF7EEAAD000-memory.dmp

Filesize
2.0MB

Download
memory/1188-136-0x00007FF7EE8B0000-0x00007FF7EEAAD000-memory.dmp

Filesize
2.0MB

Download
memory/4160-2103-0x00007FFB76050000-0x00007FFB76051000-memory.dmp

Filesize
4KB

Download
memory/5344-1902-0x00007FFB76060000-0x00007FFB76070000-memory.dmp

Filesize
64KB

Download
memory/5344-1935-0x00007FFB73D80000-0x00007FFB73D90000-memory.dmp

Filesize
64KB

Download
memory/5344-1930-0x00007FFB73A60000-0x00007FFB73A70000-memory.dmp

Filesize
64KB

Download
memory/5344-1936-0x00007FFB73D80000-0x00007FFB73D90000-memory.dmp

Filesize
64KB

Download
memory/5344-1937-0x00007FFB73D80000-0x00007FFB73D90000-memory.dmp

Filesize
64KB

Download
memory/5344-1938-0x00007FFB73DA0000-0x00007FFB73DB0000-memory.dmp

Filesize
64KB

Download
memory/5344-1939-0x00007FFB73DA0000-0x00007FFB73DB0000-memory.dmp

Filesize
64KB

Download
memory/5344-1940-0x00007FFB73DA0000-0x00007FFB73DB0000-memory.dmp

Filesize
64KB

Download
memory/5344-1942-0x00007FFB74FE0000-0x00007FFB74FF0000-memory.dmp

Filesize
64KB

Download
memory/5344-1943-0x00007FFB75050000-0x00007FFB75060000-memory.dmp

Filesize
64KB

Download
memory/5344-1944-0x00007FFB75050000-0x00007FFB75060000-memory.dmp

Filesize
64KB

Download
memory/5344-1941-0x00007FFB74FE0000-0x00007FFB74FF0000-memory.dmp

Filesize
64KB

Download
memory/5344-1945-0x00007FFB75090000-0x00007FFB7509D000-memory.dmp

Filesize
52KB

Download
memory/5344-1946-0x00007FFB75090000-0x00007FFB7509D000-memory.dmp

Filesize
52KB

Download
memory/5344-1947-0x00007FFB75090000-0x00007FFB7509D000-memory.dmp

Filesize
52KB

Download
memory/5344-1948-0x00007FFB75090000-0x00007FFB7509D000-memory.dmp

Filesize
52KB

Download
memory/5344-1949-0x00007FFB75090000-0x00007FFB7509D000-memory.dmp

Filesize
52KB

Download
memory/5344-1951-0x00007FFB73F90000-0x00007FFB73FA0000-memory.dmp

Filesize
64KB

Download
memory/5344-1952-0x00007FFB73F90000-0x00007FFB73FA0000-memory.dmp

Filesize
64KB

Download
memory/5344-1953-0x00007FFB73FB0000-0x00007FFB73FB9000-memory.dmp

Filesize
36KB

Download
memory/5344-1950-0x00007FFB73F90000-0x00007FFB73FA0000-memory.dmp

Filesize
64KB

Download
memory/5344-1954-0x00007FFB73FB0000-0x00007FFB73FB9000-memory.dmp

Filesize
36KB

Download
memory/5344-1956-0x00007FFB73FB0000-0x00007FFB73FB9000-memory.dmp

Filesize
36KB

Download
memory/5344-1957-0x00007FFB73FB0000-0x00007FFB73FB9000-memory.dmp

Filesize
36KB

Download
memory/5344-1955-0x00007FFB73FB0000-0x00007FFB73FB9000-memory.dmp

Filesize
36KB

Download
memory/5344-1958-0x00007FFB736E0000-0x00007FFB736F0000-memory.dmp

Filesize
64KB

Download
memory/5344-1959-0x00007FFB736E0000-0x00007FFB736F0000-memory.dmp

Filesize
64KB

Download
memory/5344-1960-0x00007FFB737F0000-0x00007FFB73800000-memory.dmp

Filesize
64KB

Download
memory/5344-1961-0x00007FFB737F0000-0x00007FFB73800000-memory.dmp

Filesize
64KB

Download
memory/5344-1962-0x00007FFB73820000-0x00007FFB73840000-memory.dmp

Filesize
128KB

Download
memory/5344-1963-0x00007FFB73820000-0x00007FFB73840000-memory.dmp

Filesize
128KB

Download
memory/5344-1965-0x00007FFB73820000-0x00007FFB73840000-memory.dmp

Filesize
128KB

Download
memory/5344-1966-0x00007FFB73820000-0x00007FFB73840000-memory.dmp

Filesize
128KB

Download
memory/5344-1964-0x00007FFB73820000-0x00007FFB73840000-memory.dmp

Filesize
128KB

Download
memory/5344-1967-0x00007FFB736B0000-0x00007FFB736D6000-memory.dmp

Filesize
152KB

Download
memory/5344-1968-0x00007FFB736B0000-0x00007FFB736D6000-memory.dmp

Filesize
152KB

Download
memory/5344-1969-0x00007FFB736B0000-0x00007FFB736D6000-memory.dmp

Filesize
152KB

Download
memory/5344-1970-0x00007FFB736B0000-0x00007FFB736D6000-memory.dmp

Filesize
152KB

Download
memory/5344-1971-0x00007FFB736B0000-0x00007FFB736D6000-memory.dmp

Filesize
152KB

Download
memory/5344-1934-0x00007FFB73BD0000-0x00007FFB73BE0000-memory.dmp

Filesize
64KB

Download
memory/5344-1933-0x00007FFB73BD0000-0x00007FFB73BE0000-memory.dmp

Filesize
64KB

Download
memory/5344-1932-0x00007FFB73A60000-0x00007FFB73A70000-memory.dmp

Filesize
64KB

Download
memory/5344-2015-0x000001A398BE0000-0x000001A398BE1000-memory.dmp

Filesize
4KB

Download
memory/5344-1931-0x00007FFB76050000-0x00007FFB76051000-memory.dmp

Filesize
4KB

Download
memory/5344-1929-0x00007FFB757F0000-0x00007FFB757FC000-memory.dmp

Filesize
48KB

Download
memory/5344-1928-0x00007FFB75700000-0x00007FFB75720000-memory.dmp

Filesize
128KB

Download
memory/5344-1927-0x00007FFB75700000-0x00007FFB75720000-memory.dmp

Filesize
128KB

Download
memory/5344-1926-0x00007FFB75700000-0x00007FFB75720000-memory.dmp

Filesize
128KB

Download
memory/5344-1925-0x00007FFB75700000-0x00007FFB75720000-memory.dmp

Filesize
128KB

Download
memory/5344-1924-0x00007FFB75700000-0x00007FFB75720000-memory.dmp

Filesize
128KB

Download
memory/5344-1923-0x00007FFB756E0000-0x00007FFB756F0000-memory.dmp

Filesize
64KB

Download
memory/5344-1922-0x00007FFB756E0000-0x00007FFB756F0000-memory.dmp

Filesize
64KB

Download
memory/5344-1921-0x00007FFB75650000-0x00007FFB75660000-memory.dmp

Filesize
64KB

Download
memory/5344-1920-0x00007FFB75650000-0x00007FFB75660000-memory.dmp

Filesize
64KB

Download
memory/5344-1919-0x00007FFB76260000-0x00007FFB76269000-memory.dmp

Filesize
36KB

Download
memory/5344-1918-0x00007FFB761D0000-0x00007FFB76200000-memory.dmp

Filesize
192KB

Download
memory/5344-1917-0x00007FFB761D0000-0x00007FFB76200000-memory.dmp

Filesize
192KB

Download
memory/5344-1907-0x00007FFB761D0000-0x00007FFB76200000-memory.dmp

Filesize
192KB

Download
memory/5344-1906-0x00007FFB761D0000-0x00007FFB76200000-memory.dmp

Filesize
192KB

Download
memory/5344-1905-0x00007FFB761D0000-0x00007FFB76200000-memory.dmp

Filesize
192KB

Download
memory/5344-1904-0x00007FFB76180000-0x00007FFB76190000-memory.dmp

Filesize
64KB

Download
memory/5344-1903-0x00007FFB76180000-0x00007FFB76190000-memory.dmp

Filesize
64KB

Download
memory/5344-1901-0x00007FFB76060000-0x00007FFB76070000-memory.dmp

Filesize
64KB

Download
memory/5344-1900-0x000001A398BE0000-0x000001A398BE1000-memory.dmp

Filesize
4KB

Download