Analysis
-
max time kernel
731s -
max time network
736s -
platform
windows10-2004_x64 -
resource
win10v2004-20240319-en -
resource tags
arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system -
submitted
09/04/2024, 09:33
Static task
static1
Behavioral task
behavioral1
Sample
My Logo.txt
Resource
win10v2004-20240319-en
General
-
Target
My Logo.txt
-
Size
1KB
-
MD5
0c216c2df683ad0345ceaef4cf6d6d66
-
SHA1
2066c54d1e540ce6806a514879b4cc4bf80a5df8
-
SHA256
10a061a1867948f546fcca7d5acb9980dfa18b7c003504d97f35ba90a05de14b
-
SHA512
164a579bab5759c0ac5b17035f2555902295a57454bb30dd375230a8f8e4fcbe3990a0c1475f048be4f2ef5aae69aa8a6432f81c11c9d601f9dfbba56f4875b8
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Injector.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Injector.exe -
Downloads MZ/PE file
-
Sets file execution options in registry 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe -
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Injector.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Injector.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Injector.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Injector.exe -
Checks computer location settings 2 TTPs 6 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation Bloxstrap-v2.5.4.exe Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation node.exe Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation CefSharp.BrowserSubprocess.exe Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation CefSharp.BrowserSubprocess.exe -
Executes dropped EXE 41 IoCs
pid Process 6700 Wave.exe 6732 Injector.exe 7804 Injector.exe 9520 Wave.exe 7068 Bloxstrap-v2.5.4.exe 3296 MicrosoftEdgeWebview2Setup.exe 7504 MicrosoftEdgeUpdate.exe 5324 MicrosoftEdgeUpdate.exe 8476 MicrosoftEdgeUpdate.exe 5628 MicrosoftEdgeUpdateComRegisterShell64.exe 7960 MicrosoftEdgeUpdateComRegisterShell64.exe 6084 MicrosoftEdgeUpdateComRegisterShell64.exe 5180 MicrosoftEdgeUpdate.exe 5340 MicrosoftEdgeUpdate.exe 9224 MicrosoftEdgeUpdate.exe 8224 MicrosoftEdgeUpdate.exe 7984 MicrosoftEdgeUpdate.exe 6132 MicrosoftEdge_X64_123.0.2420.81.exe 9092 setup.exe 9008 setup.exe 5520 MicrosoftEdgeUpdate.exe 5728 RobloxPlayerBeta.exe 5744 MicrosoftEdgeUpdate.exe 5688 Wave.exe 9892 CefSharp.BrowserSubprocess.exe 9228 CefSharp.BrowserSubprocess.exe 9992 node.exe 10060 CefSharp.BrowserSubprocess.exe 6164 CefSharp.BrowserSubprocess.exe 3508 CefSharp.BrowserSubprocess.exe 7236 wave-luau.exe 9116 MicrosoftEdgeUpdate.exe 528 MicrosoftEdgeUpdate.exe 5608 MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe 9200 MicrosoftEdgeUpdate.exe 3652 MicrosoftEdgeUpdate.exe 5572 MicrosoftEdgeUpdate.exe 9800 MicrosoftEdgeUpdateComRegisterShell64.exe 8556 MicrosoftEdgeUpdateComRegisterShell64.exe 9716 MicrosoftEdgeUpdateComRegisterShell64.exe 1864 MicrosoftEdgeUpdate.exe -
Loads dropped DLL 64 IoCs
pid Process 6700 Wave.exe 6700 Wave.exe 6700 Wave.exe 6700 Wave.exe 6700 Wave.exe 6700 Wave.exe 9520 Wave.exe 9520 Wave.exe 9520 Wave.exe 9520 Wave.exe 9520 Wave.exe 9520 Wave.exe 7504 MicrosoftEdgeUpdate.exe 5324 MicrosoftEdgeUpdate.exe 8476 MicrosoftEdgeUpdate.exe 5628 MicrosoftEdgeUpdateComRegisterShell64.exe 8476 MicrosoftEdgeUpdate.exe 7960 MicrosoftEdgeUpdateComRegisterShell64.exe 8476 MicrosoftEdgeUpdate.exe 6084 MicrosoftEdgeUpdateComRegisterShell64.exe 8476 MicrosoftEdgeUpdate.exe 5180 MicrosoftEdgeUpdate.exe 5340 MicrosoftEdgeUpdate.exe 9224 MicrosoftEdgeUpdate.exe 9224 MicrosoftEdgeUpdate.exe 5340 MicrosoftEdgeUpdate.exe 8224 MicrosoftEdgeUpdate.exe 7984 MicrosoftEdgeUpdate.exe 5520 MicrosoftEdgeUpdate.exe 5728 RobloxPlayerBeta.exe 5744 MicrosoftEdgeUpdate.exe 5688 Wave.exe 5688 Wave.exe 5688 Wave.exe 5688 Wave.exe 5688 Wave.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9892 CefSharp.BrowserSubprocess.exe 9228 CefSharp.BrowserSubprocess.exe 9228 CefSharp.BrowserSubprocess.exe 9228 CefSharp.BrowserSubprocess.exe 9228 CefSharp.BrowserSubprocess.exe 9228 CefSharp.BrowserSubprocess.exe 5688 Wave.exe 10060 CefSharp.BrowserSubprocess.exe 10060 CefSharp.BrowserSubprocess.exe 10060 CefSharp.BrowserSubprocess.exe 10060 CefSharp.BrowserSubprocess.exe 10060 CefSharp.BrowserSubprocess.exe 6164 CefSharp.BrowserSubprocess.exe 6164 CefSharp.BrowserSubprocess.exe 6164 CefSharp.BrowserSubprocess.exe 6164 CefSharp.BrowserSubprocess.exe 6164 CefSharp.BrowserSubprocess.exe -
Registers COM server for autorun 1 TTPs 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe -
resource yara_rule behavioral1/memory/6732-2004-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/6732-2006-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/6732-2007-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/6732-2008-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/6732-2009-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/6732-2010-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/7804-2012-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/7804-2013-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/7804-2015-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/7804-2016-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/7804-2017-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida behavioral1/memory/7804-2018-0x00007FF6AE9C0000-0x00007FF6AF320000-memory.dmp themida -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Injector.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Injector.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
flow ioc 942 camo.githubusercontent.com 943 camo.githubusercontent.com 944 camo.githubusercontent.com 945 camo.githubusercontent.com 946 camo.githubusercontent.com 947 camo.githubusercontent.com 951 raw.githubusercontent.com 940 camo.githubusercontent.com -
Checks system information in the registry 2 TTPs 22 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe -
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
pid Process 5728 RobloxPlayerBeta.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 20 IoCs
pid Process 6732 Injector.exe 7804 Injector.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\eu.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\BHO\ie_to_edge_bho_64.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\libGLESv2.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\onramp.dll setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\msedgeupdateres_el.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\msedgeupdateres_lo.dll MicrosoftEdgeWebview2Setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\dxil.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\show_third_party_software_licenses.bat setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\VisualElements\SmallLogoBeta.png setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\ga.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\123.0.2420.81.manifest setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\augloop_client.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\identity_proxy\win11\identity_helper.Sparse.Internal.msix setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\mr.pak setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\NOTICE.TXT MicrosoftEdgeWebview2Setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\lv.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\identity_proxy\win10\identity_helper.Sparse.Dev.msix setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\msedge_100_percent.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\ar.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\fr-CA.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\vccorlib140.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\lo.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\edge_feedback\camera_mf_trace.wprp setup.exe File opened for modification C:\Program Files\MsEdgeCrashpad\metadata setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\d3dcompiler_47.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\it.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\hi.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\hu.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\VisualElements\SmallLogo.png setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\msedgeupdateres_quz.dll MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe File created C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\msedgeupdateres_es.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\msedgeupdateres_kok.dll MicrosoftEdgeWebview2Setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\icudtl.dat setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Notifications\SoftLandingAssetLight.gif setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\zh-CN.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\v8_context_snapshot.bin setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\en-US.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\prefs_enclave_x64.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedge_100_percent.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\identity_proxy\stable.identity_helper.exe.manifest setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\VisualElements\LogoDev.png setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\msedge.exe.sig setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\msedgeupdateres_fr.dll MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe File created C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\msedgeupdateres_ja.dll MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\et.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Mu\Analytics setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\msedgeupdateres_ko.dll MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\VisualElements\SmallLogoCanary.png setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\sr-Cyrl-BA.pak setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\msedgeupdateres_iw.dll MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\onramp.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\et.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\identity_proxy\win10\identity_helper.Sparse.Stable.msix setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\zh-CN.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\zh-TW.pak setup.exe File opened for modification C:\Program Files\MsEdgeCrashpad\settings.dat setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\oneds.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\VisualElements\SmallLogoBeta.png setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\msedgeupdateres_ms.dll MicrosoftEdgeWebview2Setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Trust Protection Lists\Sigma\Other setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\nl.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\MEIPreload\manifest.json setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\sr-Latn-RS.pak setup.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\AppCompat\Programs\Amcache.hve.tmp MicrosoftEdgeUpdate.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString wermgr.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz wermgr.exe -
Enumerates system info in registry 2 TTPs 8 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU wermgr.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 64 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571289014600290" chrome.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3COMClassService" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\PROGID MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VERSIONINDEPENDENTPROGID MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\ = "Microsoft Edge Update Broker Class Factory" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CurVer\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\ = "Microsoft Edge Update CredentialDialog" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell Wave.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\msedgeupdate.dll,-3000" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3" MicrosoftEdgeUpdate.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 7420 chrome.exe 7420 chrome.exe 6700 Wave.exe 6700 Wave.exe 9520 Wave.exe 7284 chrome.exe 7284 chrome.exe 7504 MicrosoftEdgeUpdate.exe 7504 MicrosoftEdgeUpdate.exe 7504 MicrosoftEdgeUpdate.exe 7504 MicrosoftEdgeUpdate.exe 7504 MicrosoftEdgeUpdate.exe 7504 MicrosoftEdgeUpdate.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 5728 RobloxPlayerBeta.exe 5728 RobloxPlayerBeta.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe Token: SeShutdownPrivilege 2208 chrome.exe Token: SeCreatePagefilePrivilege 2208 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe -
Suspicious use of SendNotifyMessage 50 IoCs
pid Process 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 2208 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7284 chrome.exe 7068 Bloxstrap-v2.5.4.exe 7068 Bloxstrap-v2.5.4.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 5976 OpenWith.exe 5976 OpenWith.exe 5976 OpenWith.exe 5688 Wave.exe 5688 Wave.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 5728 RobloxPlayerBeta.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2208 wrote to memory of 1328 2208 chrome.exe 108 PID 2208 wrote to memory of 1328 2208 chrome.exe 108 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1504 2208 chrome.exe 109 PID 2208 wrote to memory of 1768 2208 chrome.exe 111 PID 2208 wrote to memory of 1768 2208 chrome.exe 111 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112 PID 2208 wrote to memory of 2116 2208 chrome.exe 112
Processes
-
C:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\My Logo.txt"1⤵PID:3848
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc78ee9758,0x7ffc78ee9768,0x7ffc78ee97782⤵PID:1328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:22⤵PID:1504
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:1768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:2116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:4648
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:4076
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5396
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:5536
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:5544
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5084 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4780 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5760
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4812 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4924 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5964
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5472 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:5284
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:5548
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:5484
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3108 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5152
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5880 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4900 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5808
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5620 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5904
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5628 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6072 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:4644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:5764
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:5796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6084 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5520
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6436 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5776
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6384 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5432
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7172 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:2364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6276 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:2772
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6260 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6324 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1996 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6244
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=1800 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7416 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6824 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6268
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8004 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6296
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8148 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6304
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8528 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6896
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8648 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6904
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8040 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:7160
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8816 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9164 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6220
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9304 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6872
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9460 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9472 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9748 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6860
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9892 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:3192
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9920 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:2664
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10180 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5412
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10184 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:1472
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10472 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:2228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10480 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6912
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10756 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:6940
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10904 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10932 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5508
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11204 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:368
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11228 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:7148
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6316 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:8676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6700 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:8776
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=12012 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:8880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10044 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:8888
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12316 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:9064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12328 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:9120
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11544 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:8432
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=11772 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:8556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=12572 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:8564
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=12720 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5504
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=12740 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:5532
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=12948 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:8848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=13236 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:9084
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=13256 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:12⤵PID:9104
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4532 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:7420
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:7640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1916,i,7834238436335692748,11350929881512810929,131072 /prefetch:82⤵PID:8896
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:5196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1332 --field-trial-handle=2260,i,11662483365823245381,11064702639240765741,262144 --variations-seed-version /prefetch:81⤵PID:6880
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:9744
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap26024:76:7zEvent169981⤵PID:10192
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:5976
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap30084:76:7zEvent59471⤵PID:180
-
C:\Users\Admin\Desktop\WaveTrial\Wave.exe"C:\Users\Admin\Desktop\WaveTrial\Wave.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:6700
-
C:\Users\Admin\Desktop\WaveTrial\Injector.exe"C:\Users\Admin\Desktop\WaveTrial\Injector.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:6732
-
C:\Users\Admin\Desktop\WaveTrial\Injector.exe"C:\Users\Admin\Desktop\WaveTrial\Injector.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:7804
-
C:\Users\Admin\Desktop\WaveTrial\Wave.exe"C:\Users\Admin\Desktop\WaveTrial\Wave.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:9520
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:7284 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc78ee9758,0x7ffc78ee9768,0x7ffc78ee97782⤵PID:8712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:22⤵PID:9580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:6556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:6140
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:12⤵PID:5080
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:12⤵PID:4440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:12⤵PID:7592
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:9668
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:9644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:8196
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:7368
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3944 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:12⤵PID:7828
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2932 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:12⤵PID:8388
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5576 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:12⤵PID:9192
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:9980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:1052
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:8744
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4672 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:8700
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:8360
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:7984
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1684 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:7936
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 --field-trial-handle=1888,i,5800763699867220125,13887135032616834225,131072 /prefetch:82⤵PID:4524
-
-
C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:7068 -
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3296 -
C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU30AC.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:7504 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5324
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:8476 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:5628
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:7960
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:6084
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEZBMEU3QkEtMTA3Ny00MTI5LUI0MEItQzYyMjNGNjJENzQ2fSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDNDREMzA3NC00NUVDLTQ3MTMtQjkyMy02MTI2RkVENjVFNjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMjEiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Nzk5ODkxMjk5IiBpbnN0YWxsX3RpbWVfbXM9Ijk5MSIvPjwvYXBwPjwvcmVxdWVzdD45⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5180
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{4FA0E7BA-1077-4129-B40B-C6223F62D746}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5340
-
-
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" --app -channel production3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5728
-
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:6112
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:9224 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEZBMEU3QkEtMTA3Ny00MTI5LUI0MEItQzYyMjNGNjJENzQ2fSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4MjcyOTZEQi05MzJCLTQ4NzMtODBEMS01Q0YyQ0M5QzVGODB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODE1NDIxMjk0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:8224
-
-
C:\Windows\SysWOW64\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "9224" "1144" "1092" "1148" "0" "0" "0" "0" "0" "0" "0" "0"2⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:5260
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEZBMEU3QkEtMTA3Ny00MTI5LUI0MEItQzYyMjNGNjJENzQ2fSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszQURCMTc1Mi03QzA5LTQ3RUQtOTUwQi03MUNFMUIwMjBGMDJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjEyMi4wLjIzNjUuOTIiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzEwODk3MzMwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzg0MTE1MTIzNCIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:7984
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\MicrosoftEdge_X64_123.0.2420.81.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:6132 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:9092 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{200E7F22-6373-48CF-A00F-35223B9A536D}\EDGEMITMP_18858.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.81 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff65fc5baf8,0x7ff65fc5bb04,0x7ff65fc5bb104⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:9008
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEZBMEU3QkEtMTA3Ny00MTI5LUI0MEItQzYyMjNGNjJENzQ2fSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2MzQzQUEzMi1CQzQ4LTRCMDAtOEExOS04QjMxNDlGODU0ODJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuODEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NTI3MDExOTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODUyOTkxNDk3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODExNDM4MTE4OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvN2EwYTBiZDYtYjljOS00YzU2LTk2NDktZTllOWMyMmZiZTQzP1AxPTE3MTMyNjA0MDQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9T1YlMmZIajNoMjNUWXBRa0RIZ1plZjJiMUN6cVNPaTV3WWZoS2h3Qm1JU3lrVUs4U0luREhnRk9FbjRKcFNVZnFtdUFnWkU2cU1NMVZza2FlNzU2dWUlMmJRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyMDg2NzQ0IiB0b3RhbD0iMTcyMDg2NzQ0IiBkb3dubG9hZF90aW1lX21zPSIxNzY1MyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgxMTQ1MzA4OTgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTM2NjcwNjY5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NzQ4ODIxMjk3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzYxIiBkb3dubG9hZF90aW1lX21zPSIyNjEyMiIgZG93bmxvYWRlZD0iMTcyMDg2NzQ0IiB0b3RhbD0iMTcyMDg2NzQ0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTE4MCIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3620 --field-trial-handle=2260,i,11662483365823245381,11064702639240765741,262144 --variations-seed-version /prefetch:81⤵PID:6260
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5744
-
C:\Users\Admin\Desktop\WaveTrial\Wave.exe"C:\Users\Admin\Desktop\WaveTrial\Wave.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5688 -
C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --field-trial-handle=2072,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:2 --host-process-id=56882⤵
- Executes dropped EXE
- Loads dropped DLL
PID:9892
-
-
C:\Users\Admin\Desktop\WaveTrial\dist\node.exe"C:\Users\Admin\Desktop\WaveTrial\dist\node.exe" server2⤵
- Checks computer location settings
- Executes dropped EXE
PID:9992 -
C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\wave-luau.exeC:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\wave-luau.exe lsp --definitions=C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\globalTypes.d.luau --definitions=C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\wave.d.luau --docs=C:\Users\Admin\Desktop\WaveTrial\dist\shared\bin\en-us.json3⤵
- Executes dropped EXE
PID:7236
-
-
-
C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --field-trial-handle=2764,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2760 /prefetch:3 --host-process-id=56882⤵
- Executes dropped EXE
- Loads dropped DLL
PID:9228
-
-
C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --field-trial-handle=3888,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:8 --host-process-id=56882⤵
- Executes dropped EXE
- Loads dropped DLL
PID:10060
-
-
C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3968,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3964 --host-process-id=5688 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
PID:3508
-
-
C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Desktop\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Desktop\WaveTrial\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3972,i,4087234429380233061,7540095979988604114,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3928 --host-process-id=5688 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:6164
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:9116 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23429EC6-2D5B-493F-A6EE-937E6290B76D}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{23429EC6-2D5B-493F-A6EE-937E6290B76D}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{C0DEBB71-A45D-467D-89F6-D9A101BFE56A}"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5608 -
C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUE58D.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{C0DEBB71-A45D-467D-89F6-D9A101BFE56A}"3⤵
- Sets file execution options in registry
- Executes dropped EXE
- Checks system information in the registry
PID:9200 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
PID:3652
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Modifies registry class
PID:5572 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:9800
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:8556
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:9716
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzBERUJCNzEtQTQ1RC00NjdELTg5RjYtRDlBMTAxQkZFNTZBfSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7MTBFQzI5OUEtNkQ0OS00Qjg4LUFFQTMtMzFFQUFDMTQ0RTQwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTA4OTczMzAiIGNvaG9ydD0icnJmQDAuMDUiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNTQ5NTAwNDg1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg4⤵
- Executes dropped EXE
- Checks system information in the registry
PID:1864
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzBERUJCNzEtQTQ1RC00NjdELTg5RjYtRDlBMTAxQkZFNTZBfSIgdXNlcmlkPSJ7MzRGRTJCNDItRjIzNi00MkRCLUE0RDMtQUFFMzVDNDVDNDMzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszMUUyQTNFNi04NTNCLTRDODgtQUIwNS0yNjExQ0Q0MTY0NjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjAiIGNvaG9ydD0icnJmQDAuMDUiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExMjQzNjMyNzgwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExMjQzNzg5MDgyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTQ5MjE0MjQyMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzMjYwNzQzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVJLSFFHN3VPN0IzblFwJTJiJTJibjFQQ0c4YmhwWDRFUzI0dGRpc2p2dGtLeTRpRUhDaGlRdVRuUFg2UDdyRUVHaDE4Mm1pMFlzMU1WTlFMb1NOQzVKZVRJQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNDkyMTYxOTkxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83MmVkODA4Ny1lZTk4LTQyOWMtOTMzMC1jYTNjMTkzZDQxYWY_UDE9MTcxMzI2MDc0MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1SS0hRRzd1TzdCM25RcCUyYiUyYm4xUENHOGJocFg0RVMyNHRkaXNqdnRrS3k0aUVIQ2hpUXVUblBYNlA3ckVFR2gxODJtaTBZczFNVk5RTG9TTkM1SmVUSUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjMwNzkyIiB0b3RhbD0iMTYzMDc5MiIgZG93bmxvYWRfdGltZV9tcz0iMTkzOTQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE0OTIxODE4MTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE0OTg4MTIwOTIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSIyMCIgcmQ9IjYyODciIHBpbmdfZnJlc2huZXNzPSJ7RkQ0NzhFMTItMTcxMC00NTMxLTlFMTYtODJGMUQzMzJDNzlFfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMjIuMC4yMzY1LjkyIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjIwIiBvb2JlX2luc3RhbGxfdGltZT0iMTg0NDY3NDQwNzM3MDk1NTE2MDYiIHVwZGF0ZV9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTUzNDk4MTM4NzI3NjMwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9IjIwIiBhZD0iLTEiIHJkPSI2Mjg3IiBwaW5nX2ZyZXNobmVzcz0iezE4MDUwQTQyLTgwMTctNDlGOS1BRUNELUU4NUZDQUUyODhCNX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTIzLjAuMjQyMC44MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2MzA3Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7QkY5RUIyQkMtQTEwOS00NThELTlCNkQtMzFBOEM5RjYzODIwfSIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Checks system information in the registry
PID:528
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.8MB
MD5149e6b831dee17cc2122c64124654b5a
SHA1c4f67f0781345cfc6fdfc5670dcbecf3848afee2
SHA2563095052d066346ec2b48726ef87623f3e5e93400c6dd8b1e45a628fc0d72cf40
SHA512679966f6a48ccf9cac63c36a8f6823ed1476198b08d29368db94584b2be2ba4cb1278f4f6510a520933fd09bb83594ab544c94be4c0b05f1d8ee99443fc49085
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.81\MicrosoftEdge_X64_123.0.2420.81.exe
Filesize164.1MB
MD5cf5144a59c3b26558c05a5226c4b53fe
SHA1bcf541fbd1bf0168a2d63ead5b06d8918b89b296
SHA2563a848782e612b4fd77d4910acb1a6f91b1eea3336065d4643486ff17e24970ea
SHA5122d46fdc92c09257cfafc9bdd659413d7925f405d7b78a6d9a44e353984d9fd70b7c3e9b87475eeee80f984377fdbb884055f4a4f10b7972746811326bfeb9a34
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
Filesize1.6MB
MD5b18c705b3c68cc49d9bf3649abc75c24
SHA16dc8963dea0f3185368790dee2a346301b4fa24c
SHA256c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa
SHA5127ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b
-
Filesize
201KB
MD54dc57ab56e37cd05e81f0d8aaafc5179
SHA1494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA25687c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b
-
Filesize
171KB
MD520d700ec226e570c89f35a81914eb2f2
SHA1e93cff71921bf758f468766ff1572dfeb6d331a1
SHA25691be707cbbbd3b7285088e6ca3343f854c86cfeff3ea8c00626d1e48d9f41d46
SHA5123fc4e66c8b5029b812877ca3deb2ef0b8409177051633315b4b6f3531645eaad955a989f5035709e6d2d76b891b0038c6090a5cd0e797d3ead81f57654b8c0d4
-
Filesize
120B
MD5636492f4af87f25c20bd34a731007d86
SHA122a5c237a739ab0df4ff87c9e3d79dbe0c89b56a
SHA25622a1e85723295eeb854345be57f7d6fb56f02b232a95d69405bf9d9e67a0fa0d
SHA512cd2e3a738f535eb1a119bd4c319555899bcd4ce1049d7f8591a1a68c26844f33c1bd1e171706533b5c36263ade5e275b55d40f5710e0210e010925969182cd0c
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png
Filesize20KB
MD54f8f43c5d5c2895640ed4fdca39737d5
SHA1fb46095bdfcab74d61e1171632c25f783ef495fa
SHA256fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1
SHA5127aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\graphic\[email protected]
Filesize71KB
MD53fec0191b36b9d9448a73ff1a937a1f7
SHA1bee7d28204245e3088689ac08da18b43eae531ba
SHA2561a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89
SHA512a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png
Filesize247B
MD581ce54dfd6605840a1bd2f9b0b3f807d
SHA14a3a4c05b9c14c305a8bb06c768abc4958ba2f1c
SHA2560a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386
SHA51257069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\corrodedmetal\normaldetail.dds
Filesize176B
MD5f527b5859d7ca6c080ba954f3013883f
SHA13d00b598b1fb762ae0921bcc49ca189f05f417d2
SHA256ff11c95774ee0405666fa313f1e53ebb46b1352bfff3456ac2b2caccdab07b4d
SHA512e908a29c4316a15f5c16a005c69b402e0525b80e0c3284d6f19074ab8b05d62d079ecf43974b223a68d7c56cbf1789df69ab260553de1aab0edfbdad5e6d654d
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\configs\DateTimeLocaleConfigs\zh-hans.json
Filesize2KB
MD5fb6605abd624d1923aef5f2122b5ae58
SHA16e98c0a31fa39c781df33628b55568e095be7d71
SHA2567b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00
SHA51297a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\configs\DateTimeLocaleConfigs\zh-tw.json
Filesize2KB
MD5702c9879f2289959ceaa91d3045f28aa
SHA1775072f139acc8eafb219af355f60b2f57094276
SHA256a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5
SHA512815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97
-
Filesize
6KB
MD59404c52d6f311da02d65d4320bfebb59
SHA10b5b5c2e7c631894953d5828fec06bdf6adba55f
SHA256c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317
SHA51222aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\Cursors\KeyboardMouse\IBeamCursor.png
Filesize292B
MD5464c4983fa06ad6cf235ec6793de5f83
SHA18afeb666c8aee7290ab587a2bfb29fc3551669e8
SHA25699fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed
SHA512f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\Clear.png
Filesize538B
MD5fa8eaf9266c707e151bb20281b3c0988
SHA13ca097ad4cd097745d33d386cc2d626ece8cb969
SHA2568cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2
SHA512e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png
Filesize130B
MD5521fb651c83453bf42d7432896040e5e
SHA18fdbf2cc2617b5b58aaa91b94b0bf755d951cad9
SHA256630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70
SHA5128fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\TerrainTools\checkbox_square.png
Filesize985B
MD52cb16991a26dc803f43963bdc7571e3f
SHA112ad66a51b60eeaed199bc521800f7c763a3bc7b
SHA256c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646
SHA5124c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\Thumbstick1.png
Filesize641B
MD52cbe38df9a03133ddf11a940c09b49cd
SHA16fb5c191ed8ce9495c66b90aaf53662bfe199846
SHA2560835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517
SHA512dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]
Filesize1KB
MD5e8c88cf5c5ef7ae5ddee2d0e8376b32f
SHA177f2a5b11436d247d1acc3bac8edffc99c496839
SHA2569607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd
SHA51232f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]
Filesize1KB
MD5499333dae156bb4c9e9309a4842be4c8
SHA1d18c4c36bdb297208589dc93715560acaf761c3a
SHA256d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591
SHA51291c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\Thumbstick2.png
Filesize738B
MD5a402aacac8be906bcc07d50669d32061
SHA19d75c1afbe9fc482983978cae4c553aa32625640
SHA25662a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102
SHA512d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]
Filesize1KB
MD583e9b7823c0a5c4c67a603a734233dec
SHA12eaf04ad636bf71afdf73b004d17d366ac6d333e
SHA2563b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067
SHA512e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]
Filesize1KB
MD555b64987636b9740ab1de7debd1f0b2f
SHA196f67222ce7d7748ec968e95a2f6495860f9d9c9
SHA256f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc
SHA51273a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9
-
Filesize
738B
MD58c14f001ae6d75f4e8fd6cb3a992c864
SHA1ec775ba263ef2fd1d6f8cc48073b32d7f86fc7c4
SHA2569324617545220e057096555fdeed9569623f01bbcd7375b349126ce7e353d5d0
SHA512498e8a5f1019a3500997ec08f80045cf0229a58e6f21e3eb2d581520eaef32d7a3906d7f1a9afb2c609920b3ec8cec87b63ea7905dac92a627725b0a2c6e714d
-
Filesize
529B
MD57020b0b40d930440124a510da5e871a3
SHA1af3b284541e4a518dc02f093cb2528b6c2294b0f
SHA256a6fab16fbbd35ab419c57bf0c91f989cc75c3b80ae10b551bd4eb5e18cf313c2
SHA512c0cec0e9b261287e4895c43588e1de8267beeaee7c81664a135508f4314312e7dde6efcf25e0ae07293d28f4d8ba7e1855ab7d8c669d1504429c86a705b674ec
-
Filesize
40B
MD54a0b907083f8afcc81fd894fb6c45d01
SHA17161d696223d3373ccce860cf81249d7f738a02f
SHA25687b0af1a5d48c9852603c2cd73097e27beb903aca92354231262ceba0e276e4c
SHA5129a917882b29ac03f6af556b1c4cfb99b5e8260a4bf9a179b91cb1a1ddf47c1cd5543b8d7f008d955320e567dd4fc0236e187717d4bda748289700b3fe920aca4
-
Filesize
54KB
MD5bcd140792a4934762c6034da0680b73d
SHA1ea77262e2b72fda3409ee848f7fb6e24fa66cdda
SHA2569308d28bfcf063742f96461076daae95c2b44b71b8ca7a13658ed3d562f9a68c
SHA512b112b8975c17c0d49da6a48af80a066e478814a81ba72925be7b136e0ae27cf74962e8d4252d6d6cb79ae53569c4947830e4e599c78151516f247e553f08fce5
-
Filesize
28KB
MD5a69ba5fb68ab609d80c17365000b58f0
SHA1e71bd892f128aeedffdd9671bc765458a4a023ba
SHA2562bcfff5006b95192b71075f6512b65b2203a31755fe0bb47226c77d328e83822
SHA512df0eb52c9383736e855adbdacf4b8690087800714f5248549d5fbe822086df42fb5274eca20705a005469fb822faff2a69beff6edeb3383e2f6f4f2d09fd84ad
-
Filesize
269B
MD50e5e6cc1adff0e515e4216b123b83ea3
SHA106dffac52fa64d4d2137f07e33e29beef2605cf2
SHA256a875e0299514256674144825ba6568cf0e6c33e07699dcf46bf2068cd55e9f7c
SHA512657a0773cdb7d19c5b748d8c167fc7b5dd1ae443f319db3d2e9dff65884c42926e7986adcd1b64e1e324a6e20d6988c3fd82eab0caeeb3ee180ba15ece20e80d
-
Filesize
268KB
MD56e8f28fc54136581c468d5cf21f86f5a
SHA10958ca0c58eb02cc2a9e31a1e8e5f4ae9b1a184f
SHA2561eea77484f82a1139ae191163394332d581993391ccee060f794c5c665507169
SHA5124648d778202bf09741247dff54d8a20e20373b10eaca1b50361b4e841e512d05fd161d22b24b1e2a28cde5ef64a436a7d8d71701f788300cbb5454c5301e709b
-
Filesize
4KB
MD54cdd4a181b53a940bbc4010725015803
SHA1e8d0ec0ff880e75a50140f4d734ddf7fb52c8ae0
SHA2561a69021ba5311861bcd8644a9769ce877e95b7d0708f27cd1d513b464fd8bc88
SHA512bd2681fc43b80199850fc56ee19ad02df68a1007cc2cfa719cf675aca6b9bc13c4e501f6566fd6cc0bf86c34831dc931e7a33069851b70fc07600db028e38790
-
Filesize
2KB
MD580cead4630578b8adc83bc84242a0c1c
SHA14c0d49dd4dfbc7c8895fc85fc058be4aec38eede
SHA25660a7d82f974fa516f436355ed86d30c8d2b17a9c36cadacf41a4b019642904d0
SHA512fa327faff0c457d906336308c35e1b73951bbc75c1a8286d6eea40b4b5d5c112bcf0dd4253ebfe638552bf212f6a82a63d9c3468e0ea5d64766f0b5b231b00b0
-
Filesize
2KB
MD588b15224dd0d140c9d286453502bf577
SHA1533fd7ff1a9e5e2b7f0ef0ccd01233ee3688832b
SHA25668ab8f8929b398f1b752f7c7f3d7174296bf393fa93cd67a102b8c52861a0b65
SHA51211a5309a57b277b2bbefd430fea2431394044115a0ea5b5cd80b2565cc061218812024fa65811dbc805480440170aada9524ae63071c2b849889d0c2f84bd993
-
Filesize
264KB
MD50d1ef1a456c19b5ac467dc0b70eb3c9f
SHA13bfa4e2bee37aeb630078d9f35fc16a4b73e726e
SHA2566477d6dc60e39102136451e5d1df55593b32618bc393d20b69d48cb04b2862df
SHA5124b11e8b411fb3937c52aa4838669927325d696efd541e6789371f663813a36a77e83810e60ddc27f879e20535a8fc818f4550cf48ac9349074131a77e0263cd4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
19KB
MD5eea4a187307ef7a438def5f1599de448
SHA1cf284b3a0c1aae2dc3483661dcf6d7613a61b623
SHA25668ed2521105cc68350d2a21b75a28fc668a24ec5fa82545b3212611b47deb088
SHA5127d757b9f507c8bb3f4f70be2f06a5648c3cf5acbacaceb2e09d021c895de10fa0b629103089213993532fcb22338bd57f2dfc331ba8544b28ebd01c574e177ce
-
Filesize
22KB
MD55b084bbc9fb1dd91c7d5ec974a9b2b3c
SHA1feda04d62faef1eb579c214f3e9d18bd2a9a506d
SHA256e3246a6ef6e1447bb4e0ab1aa2bc2533b1880be45f5694211b010dc5d3ee6b5d
SHA512bf68f2ae24c1c3c3b69ca2611fefedfcc31f058cfdf4172c83d375075c00c26564942c7dac22230b48b24abbc30d826acae830ea4bf86e1e7cb41905e44a89d7
-
Filesize
24KB
MD5134212f879ae929df9273637187a40d3
SHA13cb645a174aca9066860edcf7b6ba7b9731078c5
SHA2565ec2061d0756deb693529117dd96c61939814460b12d8c57e1d3728bac225f8c
SHA512131a179b5d5d21543fdde1ad457b26fc86b744137e46295794ac82b4b5d7581f1789ae6d863f745fbfd531e2d1ca98f3df4414d74a049d6eb57b9e69ab5c78c1
-
Filesize
371B
MD59570f18ba9d6fe0627bc50409eea5621
SHA1b87456d4a4922da5d7660e84cc2df8428c850194
SHA2568ac0c1512deffe41af8e70524493d6b7dddf9a7dde73c83fb849beb7f8149e30
SHA5124de22aa3197ccd20eb0517d6c184bc0f5fd501cf0e6e9686225091252c299212c06cd82e11ce568d23b017906a90b1f0b27c0c8438e51c6169af455803d83e2a
-
Filesize
6KB
MD5c1b8e0019bb28db7053d182e9b493cbd
SHA1830e9501d5487f9881d383ae72124b76d27c4375
SHA2561e1c919d9aba6315b2643ecb008513a5c22cac4d1407520c54e72e741df3e47b
SHA512cf30ddb28ae9c63b456848caab47ddf4f8cd23070e74b440e1b4f8fdf54203764ea620731bbc59216f6048551b12dd1bd2fe2d3d2779a296f20b9fb3c389bd8c
-
Filesize
2KB
MD515e4ca97f07e057b1111f2bd65cb860d
SHA18b0272a3c5bba6b31247d5959fa048c664937119
SHA25611a108932ddd8ff830a71d5f9574613964a54ce19f8b0bfca75231652a56fb00
SHA512989a9f9892079341326886a4d323fa93e7f9e4201b2b0f92591a41c569d0d17040e022156d6cf16101a358823b0a539c91661e508c2e1505ff9d310115e4d1a2
-
Filesize
5KB
MD55d4ebf0d6e67812e9587618c4df1974f
SHA1bdcf712da82af46c4445f5ec50d659246dc7ebd1
SHA256fc46146f71583f60e5654ede9e9d5c3c1de5acb4ee270b8c4aa5ebb603086190
SHA51288dd373257f23e0f8d905a902f61184ad4c887fc345cb145609a3498ec49b7ebc296b1923a90c803a937971e4ec802747d2af3b1c88b5be293bccbeb667b4ef9
-
Filesize
6KB
MD50e7674af707c487aa9347b5663e0aed7
SHA10156c523bc5b409307c192cd113f1b202590b180
SHA256d59306026287ff80135866337272d6cfa285a1eedc972e89eac4ecb73355af4d
SHA512aca26a8d5e3fe91168b9d86bbcde7e94cd7c56dd7ed2b73a60b88d6234d78199eb6c455a599856937d75373b1e58c2021964b9e73fa7c11b120e3800bcbddd9c
-
Filesize
6KB
MD5cc3b7a3b01054550361a925ab9a7d00e
SHA138cdccdc4eab15f8cc59b0c8422f5eaeb6d0007c
SHA2566c76146bc8b2421561c854c8b820c6715d723a2504ef0d673a69300d8dfe51f8
SHA51281cb7dddfd9d9d5aa7a05f3b12f58aa0f706ce9fb188ac74b5697b4108a6dc2d50ce3861d29d16483a964fe6ca0a959e39a69bf91c67d1fdc782e60a91e41fcf
-
Filesize
7KB
MD57af2296c54abed6a768dc5673f71bef3
SHA128ac20e771cda604d63ecbab8991596536f9cb21
SHA2566975daf40028ceff0f0286c3e941b6b4029fb6daaee50504da31aa55fcefb9c1
SHA51221cc5e1df5e8b629a4e6a6e0b855f6ae617b22cd4aa208e9cc87c93c247e6362e07f17a645fcc745c904a72a5884cdc3c5d5e00cf116ab381b289fe573d789d4
-
Filesize
7KB
MD5b9694f9edc573cef631b2ee19911f63d
SHA1d4d2a3f4f0d1e9832514c24743d9a8d5da324ad6
SHA2561ca4e716de9a7ad05f175e0ec72b2c70d17beb18449e8a71e86be218e867f614
SHA512c26acba69ea2ff5effd8a8c36fd36cdcb7a5c0d5871b2fd11f25160e6da7586c652ca17c86e7de09dcf586376851ece2f4daad4c4bcf4eed4e7e88c99f03fda3
-
Filesize
5KB
MD56bdfe02c4477c71c6165bc44cdf60636
SHA18f115ec8bc891ca9f80c543f6800f40048d9ef2a
SHA2568b3f8282d8ff5cecf60c1fbe1d3ee02ab4ce286914dd60e2f72c6f6437e07766
SHA51296f5aaa81ac27cd2fee370d2481cdfa4c6cb2a91bd23e9cf9eb1681e88d0237553bc7d2a0e6a53405777173e56f7baf19c8624d0c9e43d0bb97c125f261c5e90
-
Filesize
6KB
MD59d96e50b574d4f1b7b4fd6d110d985ce
SHA101703e98e17669d94072e9b55dab5f538ce5f359
SHA2566ea26b6e19ba080d4c1a451b5dab161fcac03d389d3318d3473df404a8ae0e4c
SHA512975eda37643b065b2f51b21d69c166f1d578932f9597f962bb79bb7eb7825804ab5adbe7514ad3a1fb3d767174ee6240454684c667f10ff41df5af2f2a5a9ab3
-
Filesize
6KB
MD5291a16b65e11b2771b7f05406feccc3a
SHA1c45cf08f34e8df25d1bbd20249f9c11f20a58308
SHA256a74ced12c6004b89fb9844b72e6a00b2d58dbdc4eaac8848f3be4c9f6ad019f7
SHA512007d47e9bb8e63ad22d4799d6e4caa56604a43ceae876a97af6bcfcb1b0e8500fd92e04acdb60efb8a93a9445b304abfeb2b23175297176d7658626af6cf113e
-
Filesize
7KB
MD5952c1b99006239837392943583912831
SHA1de61f8ad9e200f830656fff9450987f4f0456c22
SHA2565acfa37f0e42e0bc54b3b9a5ecb61e420a07624f26c585b4104287b4a0831c2d
SHA512a11214852bd8fcf6c96c458f7aa23cfa1f05123af160f524b1f41e9398057b5c40a0a88a1328326cfe15ccaadbb9edca88e86cab7e7d0d64d948350af28e9daf
-
Filesize
8KB
MD5977ed0d27e40dc13af3d2b8bf52478af
SHA14cfd16b231df0abaeee2bf49eea1e2e9c3e01c44
SHA2561a0866ea9f3afa5b7919cb1a4d44071d9a733a713b156cbff3733964f2e351ef
SHA5124d65c570ca3bfd36287bd21f4c3c9c91be3ee167f67fa939fcc678da679076a954731695283abc390957c244f371199646e2ef0ffedda464feec440bae5e3059
-
Filesize
8KB
MD5fafa3f76c3bfdfddd9fdb535003a6da5
SHA18253f2d22a8e32c7c05c76f5f86f75afa757bfb0
SHA25637926a8e81f5e62b66d5c16848b94065b2c16898878c7fde5cd92e472a9c2b0f
SHA512d68ae4be353f6f791c461ad0d7d74f7a2f28d272290351987a8615526698e513cd54be3b89a74809bf2f76b0217d8fc10ff794ecda2c159b7b7cb22fff398631
-
Filesize
6KB
MD54d43de0c6896d65714cdcefd47805c0a
SHA13bacc1255519beaa11a9b030c8621973e47bd085
SHA256ea909d483ca79e77690d5d2e4c0d0b3a9eb15ad474f27b2706fba1cd0fd7cccb
SHA512865591c120846f571908d3224e54d30fb6b9c68db804385dc1a88078148314a1d97ad425656feb9b3dc5cd8aa7d4aee8cebc42e89e69e5013212a13032ab144b
-
Filesize
15KB
MD536ee5ce2924910749171fe664f0a02c4
SHA18ff75428124bddc65702d2f2b867bc5916c47ed4
SHA2562e70c5b3ad1a33483a20cfa88507cfe89087d036e9002398f4b33a193b3d46a4
SHA512bfdda46b7950553d50a7e38b0e5db961fc1fe22bd57447bf59b41b7b45980ed77f224c0257a5a5af35ee2c7e60e7216481d1ad65caa1247fa3eeea1088cc7303
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize56B
MD594275bde03760c160b707ba8806ef545
SHA1aad8d87b0796de7baca00ab000b2b12a26427859
SHA256c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA5122aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b14ec.TMP
Filesize120B
MD5645b380977084f12bc28f96c9a9acdd1
SHA11e762fb4aa8e6cb5c93dba719893ae9c7a86c2bb
SHA2567fc3c5e85bce9bc7618eb95fbf0434720df56b8973ec0c7dc64ea1ffed889d32
SHA512c920cbf693844b2608c4765c267f0b64ed0e4f69583ace09db463c29b60d2f33c9ed554d2746333db0e0852f254711152627c95b98ec1467e575dfc5145162f0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fbd81dd1-29c9-4a8d-99a7-586956a6c02b.tmp
Filesize7KB
MD570428c5df2cdf309cfab8da9cb986951
SHA1c0a584a60ad03b7dc6e066698d1b624821d2a322
SHA256e89c7be8284e4351aaaa2ddbde6272fa6ba9bd568da34db16f095d590bfeffd5
SHA5120649e4f76e1c3ddc294ff39ed6b28518093b616820a423aa7edc433269c67ba042412cacb172a0f1ecd11ed9eadd53779312dfc62cead40dedf18cde9dcdfe49
-
Filesize
288KB
MD5af91d9d6d2f0c26186e3083637fcf573
SHA1dbd2b7eaea84b8d9045b94a16710da694c588520
SHA2562b053948915af925798dc37129fc3a94db2697d46398349b4d26fe896933445c
SHA51275d8610eb3371454c702657889b1699ecf67159f4b5f6915c86c4ea013e744126f98aac2af04c02ac713b17021f0dd44ead845a27a12523a4ac0e892439003d7
-
Filesize
267KB
MD5a4d4b43e489eafc4605e6485c188e8e1
SHA185aee2eddf8295b9e7b05e7ba7d612096e952615
SHA2568f20b4039b70310f99bc18913011a96212a543e5759756d5e9943e73d05904f5
SHA5122e05d457577dfe21eda48272f8ccb6def2885a20ec4788365b33eaff2f95f1aac68be3b72a8d2eb14f629ea86a448b90098ff957f5c142476a178eab56c1506e
-
Filesize
151KB
MD574018ec5e1fda93b4849f915fb1c3b5e
SHA1304a5211e68bfeb5da84f6a744213ef5d77b7a50
SHA2567eee9a822c0c6b5828b082b88bedfd80feb7de8e913dd85aa2b32796964bf3ee
SHA512c8a8a62fca2699f993f769e0e95b8a2a1e4635fa816c949754c5b0bac0b6ab13155466c363682b953c3a878fe3980378b1c31d41ed137fd9505309f4e011e892
-
Filesize
151KB
MD5258fc18592c7d88381531946d5575f6c
SHA181101da589e84664e124762829384d3cda5a96c1
SHA256ac30ff354d2521deb9593ccdd06c4549d138ca40b6aeb8fe9670ccf2a278811f
SHA512a22e0d26ba8d977691b835097008a2e37821886f5b77ee591d20323321ed7bfc2711e77cae8455adc1d166f6c1ec8e752984dd43ffb040af26e8328c2c01f29f
-
Filesize
268KB
MD5c6e22351459476c9db6b6d82a1a2474f
SHA1163bf59b45baf63aa6cc6f7a639b1f67469d1a64
SHA256f7cad2e3344758cc519345169f1f22acafa28e0bd1d72f331e9a836c9e2040fa
SHA5124ac32f992ea6bdcf9a8a3bbff596de355e70b900ea5e18b5903c91ccc048b951ab59181def89238c8dffbfb230d24ce9cafbeacf735ad4ba59f5ac515130b496
-
Filesize
268KB
MD5844b7b96f441a0d69d779093e60b7d64
SHA148590b5498101d855b7146c73f016020edc30318
SHA2563a50ee11bb17a1608b2b63e7173edc2c4c4abf5a4d186f98ca62178065b234c9
SHA51249b7b1333fb59dce87592f690eb3dbf95e979f9516938b5f73cd687a2b2877d9ae4eaea52dcde5ae1af590f01ab88dc8a5ae648aaa5e2e386e99771503b4b80e
-
Filesize
136KB
MD5aac53a9534f24a83c1f04dd6dc1c14f7
SHA138d215f8f03651280e1d7d5d629152e9ce4b3a99
SHA25699b57607708cb1a4afe48af33e69c25617bf322ec0a9752ff18e44efdff1f7d2
SHA51249091757211dc86f1b898174b60e9e7f890a83974ebe66eaca756a412603675f57e1832c57f5664dc4734aa3ac89dcb3a7a36803983a9501e89ebabfe7e6b8ba
-
Filesize
287KB
MD5d6479d02d15d08a2b0e73669fd95e62a
SHA1d28e3d92ced28caaab513e57504bc51f0020ee7e
SHA25692c73f25bde3bfe9ab8ceb582835d5b657faa8db839d70dcd7421797c74e5fe2
SHA512bcd2899330d50ef1daf5c0678f464aa0254de0824ccabebec0ec6ae4edd437346f1d78c5f2b4c721abc52dca1ddf09fcdd5f27de79de3cb27d7a712883b26deb
-
Filesize
268KB
MD5f9c93af4fdbd0212c78a47d0fb1eefcd
SHA16093eb4e3ca785747baa7957790dc0105160cab5
SHA2560778b65069fc11ebba6da7171281843947f5cbbd673153a23752cbfdfa327e4d
SHA512e8e9e1430e6c333a3837f47627f09df491bde4ce476a2ccc468e5516aeabe36c02d8a744f4cdd9fd2c1558341e0de06193c46afa41bb6ba092aade6cf4400e5d
-
Filesize
282KB
MD5a751c5a81bcb603b1b79e7e9d68727c2
SHA145b1874f5ef2e2c11b0e3c68a062285ea24f5372
SHA256eedba609748805a8264bdec4d40b4ed193e35510b908b83c0e4f6d404df9f001
SHA512d70248f224f30ed0ceb0f7fc0e59ee6036ca56e4a5660192c01e1f30a8e6d32f1361a28008e8f105e88ce46f9219de2ae426b6f4db5a1970f6bd341d669619af
-
Filesize
110KB
MD578ac2d85322bd10aca9a1607de90c22b
SHA1547366c16494d5d3b382bd5e2bb90d4550a0abd1
SHA2569403f7acff4acbe6a5b2e2061e88de839aa9b60d982e327c47a3b57a3792df76
SHA512b6e87da38d58bd5f0f39f56b5b5acb51861ed90b79204a086c1a56f14ac1f72147d8554dd0a0f58336b49ccbf4d490f29f8ace57d429bdb44a4f4069c197aa24
-
Filesize
104KB
MD587cd23b6a380b30d765c704e31450c7a
SHA1da104afd804cd8282d333d3de4f7ccde265af824
SHA2565d07f7e94a1afd2c00fcb03ffd4507bcccf93f8cd7fca068bfa935cb0979c470
SHA512d698c76dd308feb105e9a82944b2cd573a339b7ce224cf65cd5c524d959d5d030628441ae7c664e416fe0e2153eea697dd5b1a7f9dc138bb9fc9260e6d4ba22d
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
6KB
MD5bcd22b9511d5383e23d875e2cf3c339e
SHA10ef86afaef536cc4b046ea2866414bb193d60702
SHA25695dd31f11ac1317559b6eee0479739930d503a4938283f5d831ac8add92ad792
SHA512c4e6821858720895c0bfae797097e3307bb7ea8f03dde4fefc16cce03b2a50fecfe8ed5c3225136fcd9d74ee0ed8673f795b410cd14890d22df58c1f03b693c6
-
Filesize
309B
MD51281d8dbf988446d6445f20d80a7dd35
SHA11febeae94440c97faf3ee9ead71aeb2c07c94466
SHA25626ad162615d6a724309754be76f0bac9b67fe0280fe8099212b0589e51c1c56e
SHA512841185401d1f0995bc3ca9e97c4f65aa68acbcad88dbb7278be4ebf014ed7ccb268f1fd666ca7ebcd8320a606ccb6f12b5d287e6bdb14a8ed12629bca3edb8da
-
Filesize
3.4MB
MD5a930ae45a28f99330f3a2a3bca2c5fc8
SHA14c017d351ceac93ac48382ba5b7558531ca0bfea
SHA256ff08d82ee292b5eb061afa9f74597fb6ca856b7de89cd6397d5633d011a00068
SHA5120d7fcc2d6cdc15da6ea27fa9c5efb937c852a6abc38b6c0c942fd1db3f573736fcdb91bf6f2ea1c308a0d351844d9f5b34c3b2aaa0266eec0abded73bb082b1a
-
Filesize
3.4MB
MD5a19bf5e804004e0397a4547f9a8568fe
SHA1daad35851be0986f1a99f5563976309c2f7fc800
SHA25666909b895c0b86eb1edaf95c0d728939a4986f01bf5112023bf52a6afc021155
SHA5122e98dedf48e2f16543ef28cdfad832f77a6250f6e71cadd2245e58aa4872a91934f390ad8552a1c59b035ead123904b95c31a1fb3d7ba3dbf49968b018755c5a
-
Filesize
5.5MB
MD5de2ac61fe7207c1b2f304b05fae4e39f
SHA172a4623fde7103eebcff4a55ccb8eb6acf6bbee8
SHA256c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
SHA5124d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8
-
Filesize
418KB
MD54fb046cf2752a7e38784b9c223fc749a
SHA1ec60cb7dca1a73001cffbcf858ec0a8714dbca1a
SHA25689259d80bd757a1d0a5b47b5c7eac1d8f84071d71b49049dd49a37ef8dee727c
SHA512763d7d904ae606b2e9692b46d5c18bab98eecd6973330f223da738f74f918530729df0ea8d91b976fc2787592d469c187bc027ad142dc5cef0d7b615948c7e13
-
Filesize
3.4MB
MD512fd29fcaf6f6518b8bf9e976928fa38
SHA11f9352e217518eaceefdd041e3f085ffbb93acb0
SHA256d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
SHA512b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b
-
Filesize
4KB
MD5ec1e22fcdb56c0027ebc8cc4de1d0e64
SHA101c3295445117957e0aa1facbd2538d68b600c78
SHA25665f300099bb14dc2ff2e2fc3a3ebda335d16433c08e317eeb4673cf106ed34a3
SHA512090c6fa8ad2b0d1e8b4dd5d42759b6ee56e96786da9d7aba34040bf3daf5ca8c5d00c9cc10cd4b84e3ebe023b2c5550c237207902a29afa9bd9dd38757c93017
-
Filesize
7.6MB
MD5dbb820772caf0003967ef0f269fbdeb1
SHA131992bd4977a7dfeba67537a2da6c9ca64bc304c
SHA256b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc
SHA512e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f