Analysis
-
max time kernel
588s -
max time network
589s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
09/04/2024, 11:47
Static task
static1
Behavioral task
behavioral1
Sample
file.html
Resource
win10v2004-20240226-en
General
-
Target
file.html
-
Size
311KB
-
MD5
88a455a4e44fba06985c58bd120e9ea2
-
SHA1
2eebe84f7c0e79f195ab9fc198a7d21a23560d40
-
SHA256
d87ebd2195a7afc26e8b620660337fddad34a8320a1ff6faa71752518f5f3976
-
SHA512
f72c2087a1d8a44cf80d9c7ba24f769f4495a7b0cd23428ee390bf7ffb102908cf9fb07cb42641a8c5d8ad6b3e57ca84cd0f196af50bc62e737595de5d62ed7a
-
SSDEEP
3072:FiogAkHnjPIQ6KSEX/5HAPaW+LN7DxRLlzglKurx4:3gAkHnjPIQBSERgPCN7jBurx4
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Injector.exe -
Downloads MZ/PE file
-
Sets file execution options in registry 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Injector.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Injector.exe -
Checks computer location settings 2 TTPs 7 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation CefSharp.BrowserSubprocess.exe Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation node.exe Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation CefSharp.BrowserSubprocess.exe Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation Bloxstrap-v2.5.4.exe Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe -
Executes dropped EXE 30 IoCs
pid Process 5396 Wave.exe 456 Bloxstrap-v2.5.4.exe 12636 MicrosoftEdgeWebview2Setup.exe 13056 MicrosoftEdgeUpdate.exe 13100 MicrosoftEdgeUpdate.exe 13140 MicrosoftEdgeUpdate.exe 13160 MicrosoftEdgeUpdateComRegisterShell64.exe 13188 MicrosoftEdgeUpdateComRegisterShell64.exe 13236 MicrosoftEdgeUpdateComRegisterShell64.exe 13272 MicrosoftEdgeUpdate.exe 13308 MicrosoftEdgeUpdate.exe 4612 MicrosoftEdgeUpdate.exe 7656 MicrosoftEdgeUpdate.exe 5584 MicrosoftEdge_X64_123.0.2420.81.exe 5460 setup.exe 5648 setup.exe 7724 MicrosoftEdgeUpdate.exe 5448 RobloxPlayerBeta.exe 2644 Wave.exe 6572 CefSharp.BrowserSubprocess.exe 7276 CefSharp.BrowserSubprocess.exe 7272 node.exe 10636 CefSharp.BrowserSubprocess.exe 10684 CefSharp.BrowserSubprocess.exe 10668 CefSharp.BrowserSubprocess.exe 1216 wave-luau.exe 6304 CefSharp.BrowserSubprocess.exe 11676 Bloxstrap.exe 11876 RobloxPlayerBeta.exe 8232 Injector.exe -
Loads dropped DLL 64 IoCs
pid Process 5396 Wave.exe 5396 Wave.exe 5396 Wave.exe 5396 Wave.exe 5396 Wave.exe 5396 Wave.exe 13056 MicrosoftEdgeUpdate.exe 13100 MicrosoftEdgeUpdate.exe 13140 MicrosoftEdgeUpdate.exe 13160 MicrosoftEdgeUpdateComRegisterShell64.exe 13140 MicrosoftEdgeUpdate.exe 13188 MicrosoftEdgeUpdateComRegisterShell64.exe 13140 MicrosoftEdgeUpdate.exe 13236 MicrosoftEdgeUpdateComRegisterShell64.exe 13140 MicrosoftEdgeUpdate.exe 13272 MicrosoftEdgeUpdate.exe 13308 MicrosoftEdgeUpdate.exe 4612 MicrosoftEdgeUpdate.exe 4612 MicrosoftEdgeUpdate.exe 13308 MicrosoftEdgeUpdate.exe 7656 MicrosoftEdgeUpdate.exe 7724 MicrosoftEdgeUpdate.exe 5448 RobloxPlayerBeta.exe 2644 Wave.exe 2644 Wave.exe 2644 Wave.exe 2644 Wave.exe 2644 Wave.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 6572 CefSharp.BrowserSubprocess.exe 7276 CefSharp.BrowserSubprocess.exe 7276 CefSharp.BrowserSubprocess.exe 7276 CefSharp.BrowserSubprocess.exe 7276 CefSharp.BrowserSubprocess.exe 7276 CefSharp.BrowserSubprocess.exe 2644 Wave.exe 10636 CefSharp.BrowserSubprocess.exe 10636 CefSharp.BrowserSubprocess.exe 10684 CefSharp.BrowserSubprocess.exe 10684 CefSharp.BrowserSubprocess.exe 10636 CefSharp.BrowserSubprocess.exe 10636 CefSharp.BrowserSubprocess.exe 10684 CefSharp.BrowserSubprocess.exe 10684 CefSharp.BrowserSubprocess.exe 10636 CefSharp.BrowserSubprocess.exe 10684 CefSharp.BrowserSubprocess.exe 10668 CefSharp.BrowserSubprocess.exe 10668 CefSharp.BrowserSubprocess.exe 10668 CefSharp.BrowserSubprocess.exe 10668 CefSharp.BrowserSubprocess.exe 10668 CefSharp.BrowserSubprocess.exe 6304 CefSharp.BrowserSubprocess.exe 6304 CefSharp.BrowserSubprocess.exe -
Registers COM server for autorun 1 TTPs 33 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe -
resource yara_rule behavioral1/memory/8232-9448-0x00007FF7EF270000-0x00007FF7EFBD0000-memory.dmp themida -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Injector.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
flow ioc 734 camo.githubusercontent.com 735 camo.githubusercontent.com 736 camo.githubusercontent.com 737 camo.githubusercontent.com 738 camo.githubusercontent.com 739 camo.githubusercontent.com 745 raw.githubusercontent.com 732 camo.githubusercontent.com -
Checks system information in the registry 2 TTPs 10 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe -
Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs
pid Process 5448 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs
pid Process 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe 8232 Injector.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\ffmpeg.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\identity_proxy\win10\identity_helper.Sparse.Stable.msix setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\gl.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\identity_proxy\resources.pri setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\pt-PT.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\tr.pak setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU8E90.tmp\msedgeupdateres_kk.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\EdgeWebView.dat setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\mojo_core.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedge_200_percent.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\fa.pak setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU8E90.tmp\msedgeupdateres_as.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU8E90.tmp\msedgeupdateres_ug.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\pt-BR.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\msedge.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\hu.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\qu.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\tt.pak setup.exe File created C:\Program Files\MsEdgeCrashpad\settings.dat setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\msedge_200_percent.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\msedge_elf.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Notifications\SoftLandingAssetDark.gif setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\VisualElements\LogoBeta.png setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\vulkan-1.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\id.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\identity_proxy\win10\identity_helper.Sparse.Internal.msix setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\kok.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\identity_proxy\win11\identity_helper.Sparse.Dev.msix setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\az.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Sigma\Cryptomining setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\te.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\identity_proxy\win11\identity_helper.Sparse.Dev.msix setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU8E90.tmp\msedgeupdateres_hr.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\concrt140.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Sigma\Fingerprinting setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\libGLESv2.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\vcruntime140.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\VisualElements\SmallLogoCanary.png setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\hr.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\mojo_core.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\onnxruntime.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\PdfPreview\PdfPreviewHandler.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\elevation_service.exe setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Sigma\LICENSE setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Trust Protection Lists\manifest.json setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\ms.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\nn.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\dual_engine_adapter_x64.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\fa.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\nb.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Trust Protection Lists\Sigma\Analytics setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\sr-Latn-RS.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\eventlog_provider.dll setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Mu\LICENSE setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\WidevineCdm\manifest.json setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\en-US.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\VisualElements\SmallLogoCanary.png setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\es.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\identity_proxy\win11\identity_helper.Sparse.Internal.msix setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\id.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Mu\TransparentAdvertisers setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\VisualElements\Logo.png setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\vk_swiftshader_icd.json setup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies data under HKEY_USERS 41 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\ = "Update3COMClass" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\ = "Microsoft Edge Update Process Launcher Class" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ELEVATION MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\PROGID MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ELEVATION MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\ = "Microsoft Edge Update CredentialDialog" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\roblox\shell\open Bloxstrap-v2.5.4.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B} MicrosoftEdgeUpdate.exe -
NTFS ADS 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 775609.crdownload:SmartScreen msedge.exe File created C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe\:SmartScreen:$DATA Bloxstrap-v2.5.4.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 332 msedge.exe 332 msedge.exe 2064 msedge.exe 2064 msedge.exe 624 identity_helper.exe 624 identity_helper.exe 4320 msedge.exe 4320 msedge.exe 7252 msedge.exe 7252 msedge.exe 7252 msedge.exe 7252 msedge.exe 5396 Wave.exe 5396 Wave.exe 1428 msedge.exe 1428 msedge.exe 8120 msedge.exe 8120 msedge.exe 13056 MicrosoftEdgeUpdate.exe 13056 MicrosoftEdgeUpdate.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 13056 MicrosoftEdgeUpdate.exe 13056 MicrosoftEdgeUpdate.exe 13056 MicrosoftEdgeUpdate.exe 13056 MicrosoftEdgeUpdate.exe 456 Bloxstrap-v2.5.4.exe 456 Bloxstrap-v2.5.4.exe 5448 RobloxPlayerBeta.exe 5448 RobloxPlayerBeta.exe 456 Bloxstrap-v2.5.4.exe 456 Bloxstrap-v2.5.4.exe 456 Bloxstrap-v2.5.4.exe 456 Bloxstrap-v2.5.4.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 6460 7zFM.exe -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 8232 Injector.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 59 IoCs
pid Process 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeRestorePrivilege 6460 7zFM.exe Token: 35 6460 7zFM.exe Token: SeSecurityPrivilege 6460 7zFM.exe Token: SeDebugPrivilege 5396 Wave.exe Token: SeDebugPrivilege 456 Bloxstrap-v2.5.4.exe Token: SeDebugPrivilege 13056 MicrosoftEdgeUpdate.exe Token: SeDebugPrivilege 8788 taskmgr.exe Token: SeSystemProfilePrivilege 8788 taskmgr.exe Token: SeCreateGlobalPrivilege 8788 taskmgr.exe Token: 33 8788 taskmgr.exe Token: SeIncBasePriorityPrivilege 8788 taskmgr.exe Token: SeDebugPrivilege 13056 MicrosoftEdgeUpdate.exe Token: SeDebugPrivilege 2644 Wave.exe Token: SeDebugPrivilege 6572 CefSharp.BrowserSubprocess.exe Token: SeDebugPrivilege 7276 CefSharp.BrowserSubprocess.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeDebugPrivilege 10636 CefSharp.BrowserSubprocess.exe Token: SeDebugPrivilege 10684 CefSharp.BrowserSubprocess.exe Token: SeDebugPrivilege 10668 CefSharp.BrowserSubprocess.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe Token: SeShutdownPrivilege 2644 Wave.exe Token: SeCreatePagefilePrivilege 2644 Wave.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 456 Bloxstrap-v2.5.4.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe 8788 taskmgr.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 456 Bloxstrap-v2.5.4.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 5448 RobloxPlayerBeta.exe 11876 RobloxPlayerBeta.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2064 wrote to memory of 2556 2064 msedge.exe 88 PID 2064 wrote to memory of 2556 2064 msedge.exe 88 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 4360 2064 msedge.exe 89 PID 2064 wrote to memory of 332 2064 msedge.exe 90 PID 2064 wrote to memory of 332 2064 msedge.exe 90 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91 PID 2064 wrote to memory of 3136 2064 msedge.exe 91
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2064 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc55746f8,0x7ffdc5574708,0x7ffdc55747182⤵PID:2556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵PID:4360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:82⤵PID:3136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵PID:932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:4084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:12⤵PID:3560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵PID:4992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵PID:3192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵PID:4576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:82⤵PID:2980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:12⤵PID:1124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:12⤵PID:2344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵PID:2872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵PID:4408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2392 /prefetch:12⤵PID:4768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:12⤵PID:5368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:12⤵PID:5452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵PID:5596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵PID:5604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:12⤵PID:5612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:12⤵PID:5620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:12⤵PID:5628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:12⤵PID:5636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:12⤵PID:5644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:12⤵PID:5652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:12⤵PID:5660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8472 /prefetch:12⤵PID:5232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:12⤵PID:5208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:12⤵PID:5200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9152 /prefetch:12⤵PID:5204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:12⤵PID:6300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10048 /prefetch:12⤵PID:6444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:12⤵PID:6584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:12⤵PID:6592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:12⤵PID:6664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9240 /prefetch:12⤵PID:6768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:12⤵PID:6844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:12⤵PID:6976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9064 /prefetch:82⤵PID:7088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9748 /prefetch:12⤵PID:7096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10960 /prefetch:12⤵PID:6196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11056 /prefetch:12⤵PID:6220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11248 /prefetch:12⤵PID:6540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:12⤵PID:7072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11520 /prefetch:12⤵PID:3468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11704 /prefetch:12⤵PID:7200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11544 /prefetch:12⤵PID:7272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10260 /prefetch:12⤵PID:7456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12180 /prefetch:12⤵PID:7572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10824 /prefetch:12⤵PID:7696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12392 /prefetch:12⤵PID:7772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11244 /prefetch:12⤵PID:7844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11984 /prefetch:12⤵PID:8056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12380 /prefetch:12⤵PID:7964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11528 /prefetch:12⤵PID:7956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11508 /prefetch:12⤵PID:5356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11692 /prefetch:12⤵PID:5828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:12⤵PID:6904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10008 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4320
-
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\WaveTrial.rar"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:6460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=13104 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:7252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12408 /prefetch:12⤵PID:6468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:12⤵PID:2272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=10772 /prefetch:82⤵PID:6784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3124 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10768 /prefetch:12⤵PID:1144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10584 /prefetch:12⤵PID:3200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:12⤵PID:7368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:12⤵PID:3784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 /prefetch:82⤵PID:7528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,6687049563776719116,3126187785664915787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:8120
-
-
C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:456 -
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:12636 -
C:\Program Files (x86)\Microsoft\Temp\EU8E90.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU8E90.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:13056 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:13100
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:13140 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:13160
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:13188
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:13236
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEZDOUY3QkMtMzA2Ni00MTkyLUIyN0MtM0U2NTZCMkJCMUM4fSIgdXNlcmlkPSJ7RTg1RUIxNDItNTU3Qy00MjkwLTg2QTEtOEM5QzA4M0E4MjUyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDOThFQjY1My02REZCLTQyRjUtODVDRi1GRUU4ODZFOEEwRDd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMTciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MzczMTkwODI3IiBpbnN0YWxsX3RpbWVfbXM9IjUzNiIvPjwvYXBwPjwvcmVxdWVzdD45⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:13272
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{8FC9F7BC-3066-4192-B27C-3E656B2BB1C8}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:13308
-
-
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" --app -channel production3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5448
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4968
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3328
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4404
-
C:\Users\Admin\Downloads\WaveTrial\Wave.exe"C:\Users\Admin\Downloads\WaveTrial\Wave.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5396
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:4612 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEZDOUY3QkMtMzA2Ni00MTkyLUIyN0MtM0U2NTZCMkJCMUM4fSIgdXNlcmlkPSJ7RTg1RUIxNDItNTU3Qy00MjkwLTg2QTEtOEM5QzA4M0E4MjUyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxQkQzMUU1QS04RTM0LTQ5NjMtQUFGOS04RUQzRkY2MTNGODN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MzgxMzcwOTI4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:7656
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{48A2DA12-8AB2-4640-B4AB-A6E345D72F13}\MicrosoftEdge_X64_123.0.2420.81.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{48A2DA12-8AB2-4640-B4AB-A6E345D72F13}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:5584 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{48A2DA12-8AB2-4640-B4AB-A6E345D72F13}\EDGEMITMP_5F035.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{48A2DA12-8AB2-4640-B4AB-A6E345D72F13}\EDGEMITMP_5F035.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{48A2DA12-8AB2-4640-B4AB-A6E345D72F13}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5460 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{48A2DA12-8AB2-4640-B4AB-A6E345D72F13}\EDGEMITMP_5F035.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{48A2DA12-8AB2-4640-B4AB-A6E345D72F13}\EDGEMITMP_5F035.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{48A2DA12-8AB2-4640-B4AB-A6E345D72F13}\EDGEMITMP_5F035.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.81 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x7ff63579baf8,0x7ff63579bb04,0x7ff63579bb104⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5648
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEZDOUY3QkMtMzA2Ni00MTkyLUIyN0MtM0U2NTZCMkJCMUM4fSIgdXNlcmlkPSJ7RTg1RUIxNDItNTU3Qy00MjkwLTg2QTEtOEM5QzA4M0E4MjUyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNjdGM0Y1MC04QjhFLTRFODItODBGNi0xOEMwMzUyNEJFMzZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuODEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczOTg5MjExOTgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Mzk5MDUwOTAyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzc3MzU4MTMzMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvN2EwYTBiZDYtYjljOS00YzU2LTk2NDktZTllOWMyMmZiZTQzP1AxPTE3MTMyNjgzNTkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9VHhKMSUyZmh6TGd1a3pNNEpLYlJEYmREbGtTQlpMUmMxSkRwNHViTk5zbXhGNlF3UTdVcUN0UUY3eTdtMG5mYnVBUHlpQiUyZmZIZkJlbmY5WjV0bTkxQnpnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyMDg2NzQ0IiB0b3RhbD0iMTcyMDg2NzQ0IiBkb3dubG9hZF90aW1lX21zPSIzMDgyNiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3NzM2NjA5MDYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Nzg4NTAwOTg3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MjM4NzExMDA1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTA1MyIgZG93bmxvYWRfdGltZV9tcz0iMzc0NDQiIGRvd25sb2FkZWQ9IjE3MjA4Njc0NCIgdG90YWw9IjE3MjA4Njc0NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDUwMjAiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:7724
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:8788
-
C:\Users\Admin\Downloads\WaveTrial\Wave.exe"C:\Users\Admin\Downloads\WaveTrial\Wave.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2644 -
C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\Downloads\WaveTrial\debug.log" --field-trial-handle=2028,i,16056247233291861037,3038573767245795551,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:2 --host-process-id=26442⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:6572
-
-
C:\Users\Admin\Downloads\WaveTrial\dist\node.exe"C:\Users\Admin\Downloads\WaveTrial\dist\node.exe" server2⤵
- Checks computer location settings
- Executes dropped EXE
PID:7272 -
C:\Users\Admin\Downloads\WaveTrial\dist\shared\bin\wave-luau.exeC:\Users\Admin\Downloads\WaveTrial\dist\shared\bin\wave-luau.exe lsp --definitions=C:\Users\Admin\Downloads\WaveTrial\dist\shared\bin\globalTypes.d.luau --definitions=C:\Users\Admin\Downloads\WaveTrial\dist\shared\bin\wave.d.luau --docs=C:\Users\Admin\Downloads\WaveTrial\dist\shared\bin\en-us.json3⤵
- Executes dropped EXE
PID:1216
-
-
-
C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\Downloads\WaveTrial\debug.log" --field-trial-handle=2744,i,16056247233291861037,3038573767245795551,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2740 /prefetch:3 --host-process-id=26442⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:7276
-
-
C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\Downloads\WaveTrial\debug.log" --field-trial-handle=3924,i,16056247233291861037,3038573767245795551,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:8 --host-process-id=26442⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:10636
-
-
C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Downloads\WaveTrial\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3996,i,16056247233291861037,3038573767245795551,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3992 --host-process-id=2644 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:10668
-
-
C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Downloads\WaveTrial\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4008,i,16056247233291861037,3038573767245795551,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4000 --host-process-id=2644 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:10684
-
-
C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe"C:\Users\Admin\Downloads\WaveTrial\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\Downloads\WaveTrial\debug.log" --field-trial-handle=5008,i,16056247233291861037,3038573767245795551,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:8 --host-process-id=26442⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6304
-
-
C:\Users\Admin\Downloads\WaveTrial\Injector.exe"C:\Users\Admin\Downloads\WaveTrial\Injector.exe" 118762⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: MapViewOfSection
PID:8232
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
PID:11676 -
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" --app -channel production2⤵
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:11876
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.8MB
MD5149e6b831dee17cc2122c64124654b5a
SHA1c4f67f0781345cfc6fdfc5670dcbecf3848afee2
SHA2563095052d066346ec2b48726ef87623f3e5e93400c6dd8b1e45a628fc0d72cf40
SHA512679966f6a48ccf9cac63c36a8f6823ed1476198b08d29368db94584b2be2ba4cb1278f4f6510a520933fd09bb83594ab544c94be4c0b05f1d8ee99443fc49085
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.81\MicrosoftEdge_X64_123.0.2420.81.exe
Filesize164.1MB
MD5cf5144a59c3b26558c05a5226c4b53fe
SHA1bcf541fbd1bf0168a2d63ead5b06d8918b89b296
SHA2563a848782e612b4fd77d4910acb1a6f91b1eea3336065d4643486ff17e24970ea
SHA5122d46fdc92c09257cfafc9bdd659413d7925f405d7b78a6d9a44e353984d9fd70b7c3e9b87475eeee80f984377fdbb884055f4a4f10b7972746811326bfeb9a34
-
Filesize
201KB
MD54dc57ab56e37cd05e81f0d8aaafc5179
SHA1494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA25687c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b
-
Filesize
280B
MD56a596bdb9717ebbe03f9fa5b4432977c
SHA1ed198ee6ec178332c70f8154bb2307519bb05a9f
SHA2562207b567a1bd0072f509de34aad8def8bc0913ee364fdff266f708e7c9c2d5b6
SHA5123f331df9f9fa82eb0f7d1b43564b9e7ed68a81c46f80120966f386b9a958ce47599d37ef0c4efcabd9301d30b30a7a756c127a36f2e9b5a0547d9ab255580193
-
Filesize
473B
MD5f6719687bed7403612eaed0b191eb4a9
SHA1dd03919750e45507743bd089a659e8efcefa7af1
SHA256afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56
-
Filesize
1001B
MD52648d437c53db54b3ebd00e64852687e
SHA166cfe157f4c8e17bfda15325abfef40ec6d49608
SHA25668a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806
SHA51286d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828
-
Filesize
105KB
MD5d4379da2ca7a4b0fc0c04134cc5a0cbd
SHA1aeef61c0178bf3defde7f6c35d2ce53f3d1d6dd2
SHA2566020faeded9672a54e8c204963288b987f667006247a93359c8f133420a72027
SHA512530f46c553f2642b2769b3474cb9b12b522f2031c3c312111273c8ff72513986a782efa3ed6de541a342cfc387827a5b9400690e7de6c35271bb1d3c3ba5d9c5
-
Filesize
120B
MD5636492f4af87f25c20bd34a731007d86
SHA122a5c237a739ab0df4ff87c9e3d79dbe0c89b56a
SHA25622a1e85723295eeb854345be57f7d6fb56f02b232a95d69405bf9d9e67a0fa0d
SHA512cd2e3a738f535eb1a119bd4c319555899bcd4ce1049d7f8591a1a68c26844f33c1bd1e171706533b5c36263ade5e275b55d40f5710e0210e010925969182cd0c
-
Filesize
6KB
MD59404c52d6f311da02d65d4320bfebb59
SHA10b5b5c2e7c631894953d5828fec06bdf6adba55f
SHA256c9775e361392877d1d521d0450a5368ee92d37dc542bc5e514373c9d5003f317
SHA51222aa1acbcdcf56f571170d9c32fd0d025c50936387203a7827dbb925f352d2bc082a8a79db61c2d1f1795ad979e93367c80205d9141b73d806ae08fa089837c4
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png
Filesize20KB
MD54f8f43c5d5c2895640ed4fdca39737d5
SHA1fb46095bdfcab74d61e1171632c25f783ef495fa
SHA256fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1
SHA5127aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\graphic\[email protected]
Filesize71KB
MD53fec0191b36b9d9448a73ff1a937a1f7
SHA1bee7d28204245e3088689ac08da18b43eae531ba
SHA2561a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89
SHA512a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png
Filesize247B
MD581ce54dfd6605840a1bd2f9b0b3f807d
SHA14a3a4c05b9c14c305a8bb06c768abc4958ba2f1c
SHA2560a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386
SHA51257069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\corrodedmetal\normaldetail.dds
Filesize176B
MD5f527b5859d7ca6c080ba954f3013883f
SHA13d00b598b1fb762ae0921bcc49ca189f05f417d2
SHA256ff11c95774ee0405666fa313f1e53ebb46b1352bfff3456ac2b2caccdab07b4d
SHA512e908a29c4316a15f5c16a005c69b402e0525b80e0c3284d6f19074ab8b05d62d079ecf43974b223a68d7c56cbf1789df69ab260553de1aab0edfbdad5e6d654d
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\configs\DateTimeLocaleConfigs\zh-hans.json
Filesize2KB
MD5fb6605abd624d1923aef5f2122b5ae58
SHA16e98c0a31fa39c781df33628b55568e095be7d71
SHA2567b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00
SHA51297a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\configs\DateTimeLocaleConfigs\zh-tw.json
Filesize2KB
MD5702c9879f2289959ceaa91d3045f28aa
SHA1775072f139acc8eafb219af355f60b2f57094276
SHA256a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5
SHA512815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\Cursors\KeyboardMouse\IBeamCursor.png
Filesize292B
MD5464c4983fa06ad6cf235ec6793de5f83
SHA18afeb666c8aee7290ab587a2bfb29fc3551669e8
SHA25699fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed
SHA512f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\Clear.png
Filesize538B
MD5fa8eaf9266c707e151bb20281b3c0988
SHA13ca097ad4cd097745d33d386cc2d626ece8cb969
SHA2568cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2
SHA512e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png
Filesize130B
MD5521fb651c83453bf42d7432896040e5e
SHA18fdbf2cc2617b5b58aaa91b94b0bf755d951cad9
SHA256630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70
SHA5128fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\TerrainTools\checkbox_square.png
Filesize985B
MD52cb16991a26dc803f43963bdc7571e3f
SHA112ad66a51b60eeaed199bc521800f7c763a3bc7b
SHA256c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646
SHA5124c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\Thumbstick1.png
Filesize641B
MD52cbe38df9a03133ddf11a940c09b49cd
SHA16fb5c191ed8ce9495c66b90aaf53662bfe199846
SHA2560835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517
SHA512dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]
Filesize1KB
MD5e8c88cf5c5ef7ae5ddee2d0e8376b32f
SHA177f2a5b11436d247d1acc3bac8edffc99c496839
SHA2569607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd
SHA51232f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]
Filesize1KB
MD5499333dae156bb4c9e9309a4842be4c8
SHA1d18c4c36bdb297208589dc93715560acaf761c3a
SHA256d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591
SHA51291c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\Thumbstick2.png
Filesize738B
MD5a402aacac8be906bcc07d50669d32061
SHA19d75c1afbe9fc482983978cae4c553aa32625640
SHA25662a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102
SHA512d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]
Filesize1KB
MD583e9b7823c0a5c4c67a603a734233dec
SHA12eaf04ad636bf71afdf73b004d17d366ac6d333e
SHA2563b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067
SHA512e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f
-
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\[email protected]
Filesize1KB
MD555b64987636b9740ab1de7debd1f0b2f
SHA196f67222ce7d7748ec968e95a2f6495860f9d9c9
SHA256f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc
SHA51273a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9
-
Filesize
738B
MD58d0ef5149272058a3e68435d2563f32d
SHA1efbb7662d3833e82876be826a694800d6ef6986d
SHA256bf9df031df0eaa94eea8764dd5dd005e7fe97b2efe84dbe6db684c7d67d56f18
SHA5125c69ca2ab11dfd1201ecd3b005973576c663e7cd1100f04754a2869cb578d7cc5a23e6e0478d92e718723341b36533d6bc898ac4699add5e8e3fd55c0a09e45f
-
Filesize
850B
MD5a85c55667f2036763303bceead52cc9c
SHA1f368aa8009b6b192d3b5f2449701e99107625b2a
SHA256ff063434edfb8180408e44d61ff67b39270763bcf5595592a376a0c4f93f1c46
SHA512b053c22496d8050f2972d92607b74a8b4f2c082677ac9282b50d0021186f1f88abd159de11f3780867d22da8e6bd998b12c524bd3ebf906b8519a75f7d3bd05a
-
Filesize
529B
MD53de4542b122dfb2fc5ddbcdec65b1e6a
SHA1bd78fcbe461e06d63b039a7aba45da45b7489aab
SHA25697d0bd44a08ff5a5d76ac87c263fedb115af3fde4d55ac721c2b8312905e68d9
SHA5124ebbe421713a1bcbe9583974717ba08ef7b47a7e664055b6fec440e0a93192527aea0a50b1243cbc8c76bf5411e095c62e1846587d9fee6ca34afdb7edcf8918
-
Filesize
152B
MD547b2c6613360b818825d076d14c051f7
SHA17df7304568313a06540f490bf3305cb89bc03e5c
SHA25647a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac
SHA51208d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac
-
Filesize
152B
MD5e0811105475d528ab174dfdb69f935f3
SHA1dd9689f0f70a07b4e6fb29607e42d2d5faf1f516
SHA256c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c
SHA5128374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852
-
Filesize
72KB
MD547f8e503b36983d33b24d9f13ea01900
SHA13e871fc02c62e2c7e00c1d6fbdd45d82967595eb
SHA256d8122145edd4f6055d63655631eeefcd28ef64ccc45b7d0f626a72e0194e7d19
SHA512e776370d96b2418b7d4f1ad8341f230cb9e39618b47daf8b2e5dd2ecdf47ad21ca5164a73bc971ffa7e4b5ff38305f4903ec5f8389288eb7ee6c540a14af2241
-
Filesize
65KB
MD568b24c33a1084c384158245ee07e703f
SHA11f40cdfc988534806606faf81344ba79a1528ed9
SHA256f95947735f1ba1e43b46a1ddc7229b71d37aee7821495f87f1f2d25563d47fcc
SHA5121af1c596736b46a538a06285196d05054c062f29335080d136d325dc305d2d65d266517386d8d54a37de94036c878d9ababa76d9a5f5e8d8d07236d5ac0bb9ed
-
Filesize
38KB
MD52b7ec9fe5044c75348bc52964bf50b78
SHA1039e784c53ba423877c5c845ffb044abbf4c110e
SHA25671c9403962b1f930169325d2c812125a0088d2a695609486bb6f31185e84ff97
SHA51292cb64599e198177093bda32e1c962fdccaa049d9875292b97c6b014d0d0afde750dcef27151751dda3f8639df41bed611bce7816c04d4e581b17b132d169016
-
Filesize
19KB
MD5d426c43c6cc7a7743d76db59c58610b8
SHA1a7c12e4dd37ff6845d6dd4a44186ec2a0a9f3c7c
SHA256c4b8cdbb769d3093115c63894cb191f91fd40cfae265a140ea300e09578081c8
SHA5128fc77be70db2bcb89172fd5251367534eacfbaba60313c551a1837ca57a0ab3d4ca15ac9e6cb48dd9fd1c31b7084a92eb2c301f30e9857e21b5b64bac72415b7
-
Filesize
62KB
MD5a1049ef0608a6ddb0ab75cb79ea8fe19
SHA1cb4693e21215e7d9a59bebc2c8b56b9d127dc137
SHA256bd762e8d2cc3fdb113012bdb3d340aef64af2a1b91d1a787bc3de8198cc11346
SHA512e52517ff69a27f3d34a20c67b3b3d5cd86b8228287ed3b924e97a8f893f0aab09ecb1f19c2ea4dfd54cac507b4ec99e8f0ea23638d0384d4337b30294db619e1
-
Filesize
31KB
MD544c814efc5001b046870408993412f9b
SHA14eef0368867c99e6f174fcd3c9eac2b8034e612c
SHA256c4f2c55404dedc4a65520e0007f50105d5d6927219c45da46d964633bf42a4d2
SHA512f45bcc13a09bd311fbf8bacabce9bdd9927e73b90075ea6bf500f3ebd0636368d65761d2ae2d9c295266f2393e6b67c4007efef1add09cb44cac5d34cbfb3e81
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD569943752863f657db194acafbf30ccd1
SHA13170138bab598816fb70089805ea320b74585133
SHA2569ff19ccc1a216d4b127ea4b9c5ca50cc780deaf46b1336b72c6b47234ea2ed97
SHA5127ed8450d78159a2732a51d16909bd23de66a9e29473c18470dfd4cb09534574c2f2ac9ab6888b1d2049fb0bea2d1a842dce85433f24063a836c51efec3c22d93
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD57f6d7d6106238479b9f3750b98d480ae
SHA102409e89eeaeef6e16aadb2cd26ae5fd6c4dbbd7
SHA2561f2534f936f3108a68ed1c9b6656ea57c896a348d2eb91b941ac992a2a383c4d
SHA512fd24801e43bee792ff498d46048c988d0897bf071aef332db888d9ff22cb68218fce1690ec8d933b22a5a9d1eb9e7a54140fec22c2bbb5093b724dd09983a101
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5ccc0bde364a167681217cb088d50821b
SHA107dac2f663f33851d7d41fbe0a44e0d69dbd2eb9
SHA256371f1cffa60f95a78c19a38a48f836474e42c4f1ff687f5bd239f38be71e2489
SHA512c18ac86db9d89dc82c6e66a9127760ed1b68c2c9e993451f3dbff0793cf557ba0345f0a41aab8332995f955c402814deca984137f2248167df44af92078aeb82
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
MD5b90b6bb7f11f5216b6f3cacf0a3b7a68
SHA14eeb301cb0270338636c091569be19fdfd806a1e
SHA2565554f4e83f4860e72f630f4eae14b62510b47bf73270a0cf076593e21449f310
SHA5122aa840eda30a7f590b81171e438c2a78c5350633f0a679781397325a80ec719f43ee26c0fd02396ce8211d211a769f3ede7444185d2065711aeac9ed26e8d1cc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD553eb98dca25964e140959a84ba12c033
SHA18f5fc7cd14d15efe68d30735c90cf8476b33779b
SHA256b7e84c5affcef5d799ca490dfa8d8f6b165cdb4dcff0d914face12e299addacb
SHA512a6b1755c35331b3d56201d0827e142cbf4b15a59f7da49d85f0930da9a3b015c51e6250e9b943636ee7b06efa9115e60058fe73561f3c342768e5f5e78065ff6
-
Filesize
15KB
MD5a9f5d91e0bc32b4f664dfbeb8e5e9c68
SHA152b19f3d83cffffedfd9f2d5cfc241273f220372
SHA256632218d83a594d3fac1017812e0e4d292be4e6029218fc3357e572f409479649
SHA512bf1fe7a7ab8b1d6aff3efe4721386645e2097c9e11caa8f0a5a18ff3cce5dbae36473232bd19cb1ca89c8e572669d9a1684032382ed50bd2f4f43aabf11ed7aa
-
Filesize
15KB
MD5c398b85e3c44be065b9e68c1d3b51602
SHA17cefca400111b926511aa48f44d57f162289124b
SHA256222df9dccf6279a9ae7698dd107af666820ee18e086f383efc7660cd1a3aed86
SHA5121f5c79e4bfa4102934a6a21ad5fa22b62416f14d5c3de02e3580906192fcdf0c6b7736becd8a1d7f65ad97ffb70665d9dc36a34f078a786909f105fbb381d321
-
Filesize
6KB
MD57538246fde456fad55ce97adc751155c
SHA1ec7bb9c25f741a86a603083f526e0d4f715e9ed9
SHA2563b82c537715974e31903ddab86ad35355b44d402f329a521cc7e85e96f9626cd
SHA512e513d985aa1c0c233c864cc8aa4a5ebeb527f20ff8c43955b1b411c7ac618527199050d2fe9e7631d08d42475ade8b8d94abecac070f7a14294b7c2ec717a3e8
-
Filesize
6KB
MD58eae124ed536ec4bfa9ff2292cbeb9c6
SHA1a80dedcf2326e85d41dd674051290f6be5d74c6b
SHA256841acf7947b751f2c3c6159be7d978728c658c30a3fc20ec21448c042c804e53
SHA5120bd2924d0c4685a86bafcbbd60f322cc576070503260d6c75719a4dfa5d06b00a843fe3e05a9a30a95177d49f32aa0090c8f7594c4dd123100230b247110581e
-
Filesize
9KB
MD5492cb0352c780d522589da93b16d5c2a
SHA11b96432b1f0ce2cb114648c37bb9dcbc0547c6d6
SHA256df50d1bb4b56298ae7f8045090ea452bca6ff5e489f5413ebd8b2f980fd2048a
SHA512a3b91354a8af5d8b04f27bc1fdeb91ec8b29273caccf31be3623652361cad4db5eddf794248447d6cf2ad2f78051ca02d443a806ac6d4b7c758aeb60d5d66079
-
Filesize
16KB
MD5f5a2a6c341b00b81521f73698ddda6a8
SHA1acfd92c3b0a0c76ae9cc6540743242770ae19e7b
SHA256364f48109fb4cb84be09ea0491372ca22efd9f9ea5e53e8e294e709f3c8cf77f
SHA512746cabd8f1bc3915334548cc0261557e570ea3338d4eed864c50a86657c8d8eba30c02e7500f2d02327164add76c6226fc62d5dca9c7d868e8809075cfa066cf
-
Filesize
20KB
MD584cfa3e0cfdb51769651c4c118ed1e8e
SHA19c1b44f55904c8e47260a2012e468be4a8b2806c
SHA25638f63ab004decee8792afd7fb8878c8d83c610c623920bdd40cfd8a0ce29e5c8
SHA512ca4d14bc381180b5677906e688eee9ab4bb72c4173882e7334e7a8e6ae990699ab59d601d8769809c116fbee77d9515218e6f4e3845a21de48e5c733c0c3fc52
-
Filesize
20KB
MD52dbcf78b5e8244d25e5d08e8df5152c7
SHA1457e8bdc544ef5717819e30d1813b2d290871e61
SHA25653fb91ba6db6343a7a0ff4897feea7b03424a9f8425f46887ce29bd14f0dd8fc
SHA51265ab203b36e87c71313eb0e16dc9d3120838f0fad93c11d197c3b349cb01e1f0d0b5f0ebb3f6ac25cf541bdcb1070a17f2fc74750f1a6c81db83d9eea5faa741
-
Filesize
19KB
MD573255fec68f4de65253b70980acdd5a4
SHA19442de8ad9c4a678bf00de905cbb278dd94f038d
SHA256fd52684fc02d35866baec898baad02cafff08b1621e8c3815223ab604ffeccc1
SHA512acd9529e27ed097a561aaac7cf5ec55e09ced454519c6dfb63a0aa13e95d1e3131b66cc93ce7f55177eff84f43010bb38e8e9decd75f256e730823c2a0579ff6
-
Filesize
20KB
MD5a6607057db9fb680e40792f3ca0464db
SHA1312e4b27bd352d2b82adac4b5d2abf3fc8bb6c7a
SHA256dd0cebe14bebeca197d34ca64b9695eabd95479c15fa5d7cc465504eefae04e5
SHA512c57c0a2232c0295dfd13702e739858b4f27e62dc135765dadf1117ca285643419a82b5cefba58652719b7d375f8c5a6d3032061abc212ed45ca3ecb9137e9b7a
-
Filesize
5KB
MD54f2e936a8a5d58679e74f2cdc9a28425
SHA1e9b8afaf3d3dc7c640d44f32cf6b012e96b0a973
SHA256e7bb1901ca98ecbd0f31452d6aec85f5575ceedbe3370cc2113fbecc8c832649
SHA512e0f7d4e50ba1fbd6857200adb339eb8489c31361f82e0b7997835ec756c2be372fde16e69a4a7f9abb0c30527a3499153c14c63028b7ed47259c08b60e129f6f
-
Filesize
7KB
MD53765047dec0dd1f590a1a4b5b58693d5
SHA1c30fd829ed5c9bc74ce9791c1cbfd6b372c43115
SHA2561c37ee9806dc980856c013b80b4cc0647d776b870c990abb135c9032e7d4cfe8
SHA512159cecd4dbc3137beea1a989d21dfcc76574d59223a03596093c11222449d13078ce3bf7ac2772536d132f8ed662b79f7265e86ccdfa49ff940f7cc668b497c8
-
Filesize
7KB
MD588dcb397f6553abd842b4d285d73439b
SHA15cc894bfb5dc788724d999a6e66fc836ae3df4ac
SHA2563f18fc90ba88547d64892d3205aaaefdeb6111ef2d42a0f5aabc7d262f335c42
SHA512792fad99a507f0294a65c6befd4df5a43a48d0739c50ee07cb5c0fa0a8d64178fc4bdb829d88334c4ec90623d424ec0e8bbcee205522e7ad01dd3f8c5dacbb3b
-
Filesize
2KB
MD567e3100d3977ab48412030b54caad9d8
SHA192676c1534a00b4dd105ef2ed57ea408c8e6e5de
SHA2560948b2305e58f909168c37bcecc6a40c17879476ebfb40609b4f01756c039d48
SHA51261270e86c40915856134056f80c4473de55f748db26ffff76d552ecde53ffdc91992559b472f841c026273e21570777b3373a24d718dc37779e318b28fa4135f
-
Filesize
4KB
MD516cda11b7f0de92799ba96d9954eadc7
SHA1694cac831f311ffea943502b0d13c801a1d4fc62
SHA2561c07adc01a0281ce5ea9efd8b93ca9e07be3a72d38e8cbb4947ef376a7b6081e
SHA512624e7230d201cf6491ea13438ef302705fdcacd64beb4a803a64bd9bda7a46a94e43185a49340459fe46d64adabf72d6b4a405a482f5835cfdbe77ae8c45d6ee
-
Filesize
5KB
MD5606d94c13553598bbc7342347f6677bd
SHA148ad52ca502829d9431badd3eef1872f7a0dd555
SHA256e7e5ffb2a3398ff833e27e4ffa74fbb33c49b609da63dce51a601a47e13bd419
SHA512f61d572855d6aeda5faccedebf49c89e1c3e7cad755df190be70fa78a3354d44e400849fafe24db40d8b15532f75c9a302ca0188847e281ab1df5ee0464f82d3
-
Filesize
7KB
MD5c429dc2210ca4beab089191ebe9308e0
SHA1586ff4805a0f370c7ddad53d246a80304993c756
SHA2566bc3634b9c17b0d1f05c727c6ee913815cf0b23a6b2f615ad3e762396329e139
SHA51230e8291a178d4461b45c10c4420c40944c8691abb04cba1aa4bbf73e133eadf9f0091c0f1452bd08feabb4bb4a319530d6f9a5ea7eddf2bea2b62dbfb0e8ce9d
-
Filesize
5KB
MD5c5426e8ea31058622c9fe675c47f1dcf
SHA179c6e3594ca3c570e95adf244c91ce6cb929cde5
SHA2565e3ecf6ddf37f10c832616a20c99a6b3fa4368c7ff5d2fb97999062a7d6d3a4a
SHA512bf64bcc8c9de23a564f61e9bcba1b7076d1807dc9b3684b0db8cfba70f580e9d0f84215cd4f79de60161f52a22969efda902e511a3ba69a578c8e2c80d41eb5e
-
Filesize
7KB
MD56f0a511d833b12734a3d07e7885b84d8
SHA179d58d94620aa5d34a2b7b943b19ec1f1e8041cc
SHA25628039b1c6f4167897c3a9e66f55341369b419d2638f19793e178d418d92276b8
SHA512fae580451e0b4b95d931771f1fb9677e05566aad5f20188630674f20c0994242b35673b92120012f2fba7d6bf13cc1b12b447861004a19facbc4277f844aea76
-
Filesize
7KB
MD513987f5d1e0178033220e75a08009fa4
SHA150d7ec7402c0e6fd5c2154c104d26f38886e7c7a
SHA25662c3c8f0a041dffca976e4ce5916ff8083b2c1ca41e96105177a61a575fd0527
SHA512723e89438e78283aa82420c276fc57746735532fc857c1e69bd0a7f6cf600ea1aa32fbe8a299e5b006b629d436be4a1dafd23a5c1702573be192f6d43dc8f875
-
Filesize
5KB
MD5d4f6f7f89e03a77fdb44a75a7be94e50
SHA13e22e5fd68fb8d50a485551dfd808fc354fa3582
SHA25602cd6f9dafa20ab8ef41b24e3d4b74cd007eabbc4f6d02d54030f9995f8ed6e0
SHA5120857d4db097658c00048f4ef2da64844102ebf3546401db7f3c5ffb537a5678e2e216053e2a4db251e5828e28f4efbea37553472421789e6f3cf186f5bb2de06
-
Filesize
536B
MD58e692daa802adde9adfe2cc14007ae41
SHA104953a8849f2198dcc302dcf9af854cb0627ee76
SHA2561e2f2adc6209b08cd8c5211cde380de1acd6b04b8c229f00a972a90112edad35
SHA5122a2281cbcd852da3ede1eb870aed0de2ede04a9eca4aff2d498803497b5690741b2c88c5c9c6fcedf7749d3265b83f3d93709f272ecc9dcc924ecde84248506a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dd102711-7ee8-4f3f-b51c-3326dc1bd08a.tmp
Filesize5KB
MD533f603e541458226d74403ca18ec3b84
SHA12e20567267a8d7b274f0879a0dc52555a4a14803
SHA25627497c5ae9e4a31fe501e5eff59e4268f50883b7795b5ac2fc0e9a410b936e8a
SHA512c3387ec6fd1004d74583b94b6c3e380979d00ea38e19cb83d78102c0b5e5ff471be061921f69af360aca9ada11f4835bd1f6eda859dcd58339a63ae35e3733d9
-
Filesize
12KB
MD5d2235f0caa0c492bc5ce8ea68845cdb5
SHA128ddb8f24ea08d1ccbce7cd551e47e0b309c434d
SHA256641f9a1d2988b0fdfcee43c404d47f5ad0b619e414b5aae853e658bdaed1dbb6
SHA512cdb74097f9edbc9e59f2689af78438d13eed5aca5086ccd26f4251a92552907bdf4e990b81dbf985548d43bef79803aa89fa575f366983887527ac78d1410fd1
-
Filesize
11KB
MD5ef486eb93e899ab572f540b01b6c3248
SHA15648a71780bc45885078e018de7203e9f001867b
SHA256f400f5a5d69bf39d42e37c1a5a3c9dfd6adf38b2e7c0ea8e9648c4b57d93e871
SHA512d9c78b6ba37bce89026d74983d05eb15017c955fc82b7c74f08d0dfe881193e2c7a08a2579475c0edadd54147b1328f1aaaeb6e40166791392ac8912e694f18d
-
Filesize
12KB
MD52aa212806e6c6108aec0c352a08b13bf
SHA18f36cf555824b983b20a9142637cce5fd2ddf57e
SHA2569f2f00b401443513df67a1d310e4c09941d141c5a0c1afb70fd3406a8cbb6f71
SHA5124770da058521517984ebcbc3a19c7a64d2a40725201031d5b7c4f15089b07153ccef846cd9fd71877bf89405171169f7cb4c4efb878ad640ef1ff1e54ff6ee7c
-
Filesize
7.6MB
MD5dbb820772caf0003967ef0f269fbdeb1
SHA131992bd4977a7dfeba67537a2da6c9ca64bc304c
SHA256b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc
SHA512e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f
-
Filesize
156.4MB
MD50159c8632597db4afc30105f24cdd3ea
SHA15e80272c6ff0d820cdb0a4f98f7fbf0d558f5957
SHA2560ff0224edb6a27b5c23adc7fb759864bb3c645f2cf2f38d0a0290c1fa691fdd2
SHA512587e4dc7ae21036f3aaec3e99955670ef0c457fab23db79b71f0963acc79a1f2eca61b2233b6770672a139b0f8a9ae98ad65bed2431aac476fe7d4e293e666fe
-
Filesize
897KB
MD516f8a4945f5bdd5c1c6c73541e1ebec3
SHA14342762c43f54c4caafaae40f933599a9bb93cb5
SHA256636f8f865f23f2d47b73f3c16622e10b46437bbf7c89b0a2f70bae6129ab046a
SHA51204115c425c3015ee4355cde2a6e5e28ec24745ea77761a40c0986b54dc14bc67cb142986988d79df87e75ea54d21ded9384842e01cf0714b84f7378e6a13400d
-
Filesize
114KB
MD536946182df277e84a313c3811adac855
SHA1bcd21305861e22878271e37604b7b033ec347eb3
SHA2568507a4662220eca49d7d511183be801cd394f13dc0e9898c55361020fe9a4720
SHA51280b1e947b1940dccfe5be8a1ba1e8c1d9eacb122d73724a21233164f5b318fa57c249256f621f0f9c1e6a9e4c902eec58827bb899e20f2990f4ade1d685f1abd
-
Filesize
7.0MB
MD5a8bd4a6b2f1d00928e61870a5688c13d
SHA1e17646d5279534f2e3eb0e0cfc8b6c536bc0c095
SHA2562c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f
SHA5126b5175beea4071668c87b16af3177bbb2cbaff6b28909dc1e09ad5b16b449c62d6adc372a0094de627fe9835f0c474d16708c3f698355ba1664bf321fa19f5fb
-
Filesize
4KB
MD5ae882f91fe4dc052fabd06774b2d30aa
SHA192cbe5c66373ea3682116fab8068534920d281d7
SHA25650bd62b7fa97cb9564c4b418034138f30af993f84988b085e2b16d39aa74d79f
SHA5123fe7174259817beae8101e2ab7be068b9030bccff00a1f5aee13cfab3585037fdb1f9b470feea212351f85ec96f31da63289e4574d69e4ef413fce3fda3c6c78
-
Filesize
302B
MD5801b80146dc98d71f1e858ecb80a0ffb
SHA1e81e181133354fd8c83a58230e71887dbe406219
SHA2566aca09ff0ab2488bd827b04d268f0be01427c4bd42b8e457bf1b67b2d968b388
SHA51272dbeea7f9200824e91d08d859b758a897803bc0d8aabf00e8de43bb743c38c2fff30a59402c0a905e5cff6a9a9d4da339b3280a1405770e2757beaf0e716f0c
-
Filesize
3.4MB
MD5a19bf5e804004e0397a4547f9a8568fe
SHA1daad35851be0986f1a99f5563976309c2f7fc800
SHA25666909b895c0b86eb1edaf95c0d728939a4986f01bf5112023bf52a6afc021155
SHA5122e98dedf48e2f16543ef28cdfad832f77a6250f6e71cadd2245e58aa4872a91934f390ad8552a1c59b035ead123904b95c31a1fb3d7ba3dbf49968b018755c5a