Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://telegra.ph/I...

windows11-21h2-x64

6

Analysis

  • max time kernel
    235s
  • max time network
    239s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/04/2024, 01:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://telegra.ph/IDA-PRO-77-CRACK-01-03

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 12 IoCs
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 38 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://telegra.ph/IDA-PRO-77-CRACK-01-03
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71ba3cb8,0x7ffe71ba3cc8,0x7ffe71ba3cd8
      2⤵
        PID:4964
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
        2⤵
          PID:3500
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4588
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
          2⤵
            PID:3140
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
            2⤵
              PID:3904
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:2100
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1460
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
                2⤵
                  PID:4780
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4988
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                  2⤵
                    PID:4740
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                    2⤵
                      PID:4508
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                      2⤵
                        PID:2560
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                        2⤵
                          PID:5108
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
                          2⤵
                            PID:1764
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
                            2⤵
                              PID:2060
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
                              2⤵
                                PID:1164
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
                                2⤵
                                  PID:5104
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1
                                  2⤵
                                    PID:2464
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
                                    2⤵
                                      PID:1148
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                                      2⤵
                                        PID:2680
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
                                        2⤵
                                          PID:3068
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
                                          2⤵
                                            PID:5020
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
                                            2⤵
                                              PID:2888
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
                                              2⤵
                                                PID:1112
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
                                                2⤵
                                                  PID:2368
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
                                                  2⤵
                                                    PID:912
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
                                                    2⤵
                                                      PID:1464
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                                                      2⤵
                                                        PID:3560
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6988 /prefetch:8
                                                        2⤵
                                                          PID:3792
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
                                                          2⤵
                                                            PID:4128
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
                                                            2⤵
                                                              PID:4956
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                                                              2⤵
                                                                PID:1136
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
                                                                2⤵
                                                                  PID:4316
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
                                                                  2⤵
                                                                    PID:1708
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
                                                                    2⤵
                                                                      PID:828
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
                                                                      2⤵
                                                                        PID:2920
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
                                                                        2⤵
                                                                          PID:3164
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
                                                                          2⤵
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:1948
                                                                        • C:\Windows\System32\msiexec.exe
                                                                          "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401.msi"
                                                                          2⤵
                                                                          • Enumerates connected drives
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          • Suspicious use of FindShellTrayWindow
                                                                          PID:4496
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7112 /prefetch:2
                                                                          2⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:3904
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
                                                                          2⤵
                                                                            PID:1408
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
                                                                            2⤵
                                                                              PID:3620
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:1
                                                                              2⤵
                                                                                PID:3400
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
                                                                                2⤵
                                                                                  PID:2032
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9593948723743051104,2470078118314032808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
                                                                                  2⤵
                                                                                    PID:3332
                                                                                  • C:\Windows\System32\msiexec.exe
                                                                                    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401.msi"
                                                                                    2⤵
                                                                                    • Enumerates connected drives
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    PID:2156
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:240
                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                    1⤵
                                                                                      PID:2620
                                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                                      C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D0
                                                                                      1⤵
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:652
                                                                                    • C:\Windows\system32\msiexec.exe
                                                                                      C:\Windows\system32\msiexec.exe /V
                                                                                      1⤵
                                                                                      • Enumerates connected drives
                                                                                      • Drops file in Program Files directory
                                                                                      • Drops file in Windows directory
                                                                                      • Modifies data under HKEY_USERS
                                                                                      • Modifies registry class
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:2324
                                                                                      • C:\Windows\system32\srtasks.exe
                                                                                        C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
                                                                                        2⤵
                                                                                          PID:3220
                                                                                      • C:\Windows\system32\vssvc.exe
                                                                                        C:\Windows\system32\vssvc.exe
                                                                                        1⤵
                                                                                        • Checks SCSI registry key(s)
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:4456

                                                                                      Network

                                                                                      MITRE ATT&CK Enterprise v15

                                                                                      Replay Monitor

                                                                                      Loading Replay Monitor...

                                                                                      Downloads

                                                                                      • C:\Config.Msi\e59501b.rbs
                                                                                        Filesize

                                                                                        20KB

                                                                                        MD5

                                                                                        27b42ab4697acf9e3c602abb021266ef

                                                                                        SHA1

                                                                                        7145d81a12e33661da4f2b8fbef7eeaa3df4081b

                                                                                        SHA256

                                                                                        efd766cc9c220dd6e618b541cebf7653198d8031cc148ce754e29cbb499fdac9

                                                                                        SHA512

                                                                                        ca6657753abcbb32942d58904c9a99e4ee5a466348d5e1cbb79473cd10ccae0bcaa42a8eecbae9fb9aa881e6db97e07052f16c70c5b111bc31a576b15811626d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\50bf511e-1ab5-459e-8a9e-4fb1d77f263f.tmp
                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        de13025500b6ef9207df52cd24c80551

                                                                                        SHA1

                                                                                        b056f0d363478f474bc0306e2be867e8cd0817e4

                                                                                        SHA256

                                                                                        ccaa1bd2d31eb6b6ad3e53caef634f6ebeb6213335eefe5da8f314968ad2b4da

                                                                                        SHA512

                                                                                        1a2723be8fe5abc170255f1519a0c57cc0440c3b535972d9341d0acae3dff3ba75ba1c6740e653d0a94181d0629ecedc3293dc6d10cc3889568301c76ed1d3e9

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        0fcda4fac8ec713700f95299a89bc126

                                                                                        SHA1

                                                                                        576a818957f882dc0b892a29da15c4bb71b93455

                                                                                        SHA256

                                                                                        f7a257742d3a6e6edd16ac8c4c4696d4bdf653041868329461444a0973e71430

                                                                                        SHA512

                                                                                        ab350ca508c412ff860f82d25ac7492afb3baf4a2827249ebc7ec9632ee444f8f0716389f0623afc0756f395cf00d7a90a0f89b360acdf72b1befe34eecb5986

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        21986fa2280bae3957498a58adf62fc2

                                                                                        SHA1

                                                                                        d01ad69975b7dc46eba6806783450f987fa2b48d

                                                                                        SHA256

                                                                                        c91d76b0f27ccea28c4f5f872dee6a98f2d37424ef0b5f188af8c6757090cbb5

                                                                                        SHA512

                                                                                        ae9ba1abe7def7f6924d486a58427f04a02af7dd82aa3a36c1ed527a23ec7897f00b0e30f22529e9599ae2db88e8abc7ba8013b426885aa3c961ee74678455f1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                        Filesize

                                                                                        768B

                                                                                        MD5

                                                                                        54616b02b0f8d135a868d7d3c236935a

                                                                                        SHA1

                                                                                        6b6484d6c5dbf48d1641458c1828dfa8a312d0ba

                                                                                        SHA256

                                                                                        fdb9f3640a1e059c27a33bd7f71b1329088c1d8a3a5470c9c29b1f3084f557fe

                                                                                        SHA512

                                                                                        4e37e57ac5e1050df6b78d6565aa3e9dc92f51806d77fed7889ed1719f8415311a3793e6bbded8a8eead7510e02b860a4dd2acf2005a937425d8fd1c4e8aff7a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                        Filesize

                                                                                        111B

                                                                                        MD5

                                                                                        807419ca9a4734feaf8d8563a003b048

                                                                                        SHA1

                                                                                        a723c7d60a65886ffa068711f1e900ccc85922a6

                                                                                        SHA256

                                                                                        aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                                                                        SHA512

                                                                                        f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        b6afb63d947e8914bb1b1d0fcfcbb636

                                                                                        SHA1

                                                                                        b4173ece8d085e1e89b1bf95976f50a42f558efe

                                                                                        SHA256

                                                                                        0a0a34f3cbec1be43e47e37b945d96562f0b23310e76515e3612d5ee4c316519

                                                                                        SHA512

                                                                                        45f7090ecf9027d88fa3396ba13e6b8eb36bc9c90b1cf77e84f62ff8e0bc24c409a248280cd9f577428ccb65d9f9984610222a1a8479a34e5f14efb685f61cf6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        bf6eea5c21c7f6918e24e42ea65d6544

                                                                                        SHA1

                                                                                        fd2f87d784d775ef47d094a6861b0f127686a0f2

                                                                                        SHA256

                                                                                        1b0a36d2d31f8a2febebcdb1ff15a0cc8e2a8b6879de5c3dd2d2a27a56301c2b

                                                                                        SHA512

                                                                                        d9bd28b1f6e09a7ad1e19f75c2a7a168294facd9346ee2827c6d78e88ac55927180a19143c75cbcf7fc02f8411ebff803f335fa953db2af09afe9c66272a17fe

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        ba08c9a0622031b22c0578f57e6fa8ed

                                                                                        SHA1

                                                                                        238a9f107120a8bca41dbc0bd825d09473fb7f8c

                                                                                        SHA256

                                                                                        03d71eb6ad87a0deb3b36b8f03f403cfbad7afba5a0cfdc05aa7f097d589c202

                                                                                        SHA512

                                                                                        17efd983f021b7ae7c59f0a1932b3ac2f4d8b645a31cda26bfba8eca9a1aec7ead8f1bb006758ef0f3cffdcfd33c103443cec72f90f0f9de5fe837163909a806

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        8KB

                                                                                        MD5

                                                                                        54b5183c601ba69d35a767cb563f0e7f

                                                                                        SHA1

                                                                                        dcb5c2b2c13f8f80ae8663cdb7d37bd92d58efa1

                                                                                        SHA256

                                                                                        9ead8bde9bd168a203f7884504d1349db210a9817d1ad9cf8d0e8875f0e994c9

                                                                                        SHA512

                                                                                        8bf0ad2301690d53e07da25c2732f3fcb785be777bd857ecdc6b94cf35accec6d63b8d087deab782ce55946bee0f003068e8c38b35faaa10042043b6fad83389

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        5a2ae27970770f5e3676f37983ea59d9

                                                                                        SHA1

                                                                                        4a5b39b47b9b408d178d041d80645ea435891690

                                                                                        SHA256

                                                                                        1eb60e4aed2aa3180a085a796c8f58b0297c76d4676b014bb53ea78baed3ef48

                                                                                        SHA512

                                                                                        391619d4f6704178b57762cfdbb17d489140cdbc19d0d04b270c8c5ffb2faff5ed5c40e85834d6522e6a4d8dda37661b1b9cd1cd331b3b89a35041f5f1d18ced

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        852b5f5be7836a168455417fef2ba562

                                                                                        SHA1

                                                                                        d0028f9053683f7f73c6b4384f5225d44e9f1b84

                                                                                        SHA256

                                                                                        c8b5a9c1b122f51ce37e229910579a39886b8058abc6f6b90bcf2b66771bf4ca

                                                                                        SHA512

                                                                                        d768f718ea7b5abc053e3d3cda74489cb6726dd43b680220d1e18578f48c92009b7ac79e0fae8164f1aaee1c73781e34175a99eb7172237b297ce975f1445721

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        eadb6e054d59d921625bf96371d72355

                                                                                        SHA1

                                                                                        0faa6b5a051f25300dec91692b6e821d3c8dc9a4

                                                                                        SHA256

                                                                                        f00a406df63ca0e54d88cae9c094c8a851256886050afb52f5c3f6b46b30e3a8

                                                                                        SHA512

                                                                                        e201c2d1bf950ed09e4968ec062b4ef0b0c0c18ae07891d6fc633617d1246ee15a29357c5ae55d677cd244c752546e15d78feaf0abe4be8a09cd6845dd540718

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        d9be1c3165e0f0827245c0f3cb296374

                                                                                        SHA1

                                                                                        4f45a9c20b30f79b5a9a10a5ff4eb81f813d3db1

                                                                                        SHA256

                                                                                        ce3f8fbd2806ce6e53ef338f6877484d8dc463cac003bcd6f812ad5937e4be81

                                                                                        SHA512

                                                                                        caa0b7b6f908f1ae27dc78db5abf8922ad3e869c0753f752d7608a3c0ed333b801bc7d2a08c1ad9b04e470b5151ac4c0c44fa629a4c7b19252e633650f0df904

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        3f0e7276ca5ee4d9dd17b16258ded554

                                                                                        SHA1

                                                                                        71e973d5d08fe2ea5c3fc7bfe5a215aece60fc76

                                                                                        SHA256

                                                                                        97a95024d3c70ce36a11c98cb21ef0b382a490d76a2288e06d07a91e44938873

                                                                                        SHA512

                                                                                        5e451ab12acb4955958e1296a6ab11b4756080dfd99c9d505650d7b7f5a97f835eac7c88534dcd04a24adc20c2075c775d0f2d7180c8b0d4f998c169a7e6257f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f81b.TMP
                                                                                        Filesize

                                                                                        539B

                                                                                        MD5

                                                                                        90cbcba9ff0a747f1f306f656b570cbd

                                                                                        SHA1

                                                                                        138d1638c38903ffcb04037b5d73b9190373bf05

                                                                                        SHA256

                                                                                        53f2c475c7665db05d5f2cd7afb9ad260185e06635a104aaafa842ffedc3ab03

                                                                                        SHA512

                                                                                        3e71db312a1b29c04f0d3b22e7432ea1097eac535ee9559a6aecfcb042aaac78dfeb10fc2c3259beeb0d2a2325801798715c7d9d0d6fcc12e7faf3ae80b32c0a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                        Filesize

                                                                                        16B

                                                                                        MD5

                                                                                        6752a1d65b201c13b62ea44016eb221f

                                                                                        SHA1

                                                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                        SHA256

                                                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                        SHA512

                                                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                        Filesize

                                                                                        12KB

                                                                                        MD5

                                                                                        3b78f1fb4e5b46d471a5ac8c8a35b04e

                                                                                        SHA1

                                                                                        1de1d612295ec1378e39e35871a1382efd9fb35f

                                                                                        SHA256

                                                                                        0cdb5bb416b4414c043deb6b677e32d22f1defe2389fc8798100888968b1335a

                                                                                        SHA512

                                                                                        0ac866c68015894036e11c3de70036d4194dbfca63678b6dfc4a65133c84fb3eff22504108e6eb4e548c82997319afe18bb4d886c37ae59a8699713092c55018

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                        Filesize

                                                                                        12KB

                                                                                        MD5

                                                                                        146f2b529d4a3adb79905262bec715e8

                                                                                        SHA1

                                                                                        ae374bb74167c4161537161428ce9193964015d0

                                                                                        SHA256

                                                                                        4f3842d78dd6a1ee3b41464af6921c990ce0268c59ad66292a904769db45510a

                                                                                        SHA512

                                                                                        5aa295c4b64658611a224bb066a994b17b17b067c65965d3c4e8880b9877456cc85b5fea8f32a56f9c13c9d5d4c29180373a19b5078e9cb31e0265c62343cb6c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                        Filesize

                                                                                        12KB

                                                                                        MD5

                                                                                        4bb52e3d27cfbbb415840e19e70f066d

                                                                                        SHA1

                                                                                        4a4a4f9da0e76acf6cd8ecfaf41fbf5af0a8cb45

                                                                                        SHA256

                                                                                        df48a4f2ef7fdf478fdd19e17aee318b8971c789129764901f4d3c731717aa9f

                                                                                        SHA512

                                                                                        bd466d6dcd9c03b820c5bf51c2561179eea874cd82ddfcfac3f229164077b65d059c13ec9185625d2ae0425af9910a1ab2217f9de5aa77832aaec736fe592694

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\7z2401.msi:Zone.Identifier
                                                                                        Filesize

                                                                                        26B

                                                                                        MD5

                                                                                        fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                        SHA1

                                                                                        d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                        SHA256

                                                                                        eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                        SHA512

                                                                                        aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 393012.crdownload
                                                                                        Filesize

                                                                                        1.4MB

                                                                                        MD5

                                                                                        a141303fe3fd74208c1c8a1121a7f67d

                                                                                        SHA1

                                                                                        b55c286e80a9e128fbf615da63169162c08aef94

                                                                                        SHA256

                                                                                        1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99

                                                                                        SHA512

                                                                                        2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8

                                                                                        Download Submit

                                                                                      • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                                        Filesize

                                                                                        12.8MB

                                                                                        MD5

                                                                                        27b31740075e70ab6b5492e7aaeee3a8

                                                                                        SHA1

                                                                                        1a6a0f6afb9e7ed54d4b892d0485b5a958b6cddf

                                                                                        SHA256

                                                                                        564902ddacaa5c3aea3aead8dd01f4f46f099527f9009f8739a9c98aa7d0223c

                                                                                        SHA512

                                                                                        486b0de8fb6139a9368fe7e9bc3525255ad96f056ae9a23c241dae059f7f82604e13fec130cd5657d0e376008a1d9d17bcacab5f4062af1859af7ee013ff7877

                                                                                        Download Submit

                                                                                      • \??\Volume{049c4f63-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{1a1da1ef-bfbb-43e6-906c-9018f8b5350d}_OnDiskSnapshotProp
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        81ebe1fb60411fd7fd1eb77e1daa8cf5

                                                                                        SHA1

                                                                                        1fae8c2b85dec0bd1f98af83e3cf78bba297bb17

                                                                                        SHA256

                                                                                        f0b96605abf2b8d638c4de1ce6a03e40212f936fdaa47b69f222dcb365674c4a

                                                                                        SHA512

                                                                                        b7b80841576228957cf1778ba757de8ad3eb5370a75e89ed0a65be85ecf24530967aeafd2435938e351f6c7861787141f7d20a2502f5934abb6a920517e91395

                                                                                        Download Submit