Analysis Overview
Threat Level: Likely malicious
The file http://itch.io was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Drops file in Drivers directory
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Enumerates connected drives
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: LoadsDriver
Suspicious behavior: AddClipboardFormatListener
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
NTFS ADS
Enumerates system info in registry
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-06 18:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-06 18:53
Reported
2024-11-06 18:58
Platform
win10v2004-20241007-en
Max time kernel
288s
Max time network
290s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRIVERS\SET7B47.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET82CA.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET82CA.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxNetLwf.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET64A2.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET65FA.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET7B47.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET64A2.tmp | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\VBoxSup.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET65FA.tmp | C:\Windows\System32\MsiExec.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe | N/A |
Loads dropped DLL
Enumerates connected drives
Detected potential entity reuse from brand STEAM.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ndiscap.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A5F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\c_netservice.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_3FFAF57859D7F88D95E7F2E24CAA859EAE571CD7\VBoxUSBMon.cat | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\VBoxNetLwf.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\netnb.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\VBoxNetAdp6.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A5F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_51425bb36ecf3729\vboxnetlwf.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_A787ABFD625D24C81859933DF75DB4CB1D1DB543\VBoxSup.cat | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B7.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_2faa3f0a43645fa9\VBoxUSB.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_2faa3f0a43645fa9\VBoxUSB.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Roaming\VirtualBox\VBoxSDS.log | C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_3FFAF57859D7F88D95E7F2E24CAA859EAE571CD7\VBoxUSBMon.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A4E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_51425bb36ecf3729\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B7.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_3abcb7c1789f91b3\VBoxNetAdp6.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_51425bb36ecf3729\VBoxNetLwf.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A3D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A4E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_3abcb7c1789f91b3\VBoxNetAdp6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_A787ABFD625D24C81859933DF75DB4CB1D1DB543\VBoxSup.sys | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_2faa3f0a43645fa9\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxSup_A787ABFD625D24C81859933DF75DB4CB1D1DB543\VBoxSup.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\VBoxUSB.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_2faa3f0a43645fa9\VBoxUSB.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A3D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_3abcb7c1789f91b3\VBoxNetAdp6.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_51425bb36ecf3729\VBoxNetLwf.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\system32\DRVSTORE\VBoxUSBMon_3FFAF57859D7F88D95E7F2E24CAA859EAE571CD7\VBoxUSBMon.inf | C:\Windows\System32\MsiExec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\VBoxNetLwf.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\DRVSTORE\VBoxSup_A787ABFD625D24C81859933DF75DB4CB1D1DB543\VBoxSup.inf | C:\Windows\System32\MsiExec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_preseed.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5WinExtrasVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_fr.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_sk.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\redhat67_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxCAPI.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_cs.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_de.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_el.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ka.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxManage.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_id.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_en.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_uk.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\rhel4_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_postinstall.sh | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxDbg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxExtPackHelperApp.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\x86\VBoxRT-x86.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VirtualBox_150px.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_cs.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\fedora_ks.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\platforms\qminimal.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\platforms\qoffscreen.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_th.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxAuthSimple.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_it.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_util.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_it.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\redhat_postinstall.sh | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\License_en_US.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VMMR0.r0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_sl.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ko.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_zh_CN.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_zh_TW.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxBugReport.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ca.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_eu.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_hu.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_ja.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_ko.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ubuntu_preseed.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\UserManual.qhc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxRes.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\qt_ka.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.sys | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\VBoxNetNAT.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_da.qm | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI565E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6578.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\{E2684146-FB9D-49EC-959F-C4DBAFE50B6C}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI80A5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8356.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{E2684146-FB9D-49EC-959F-C4DBAFE50B6C}\IconVirtualBox | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b5235.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI79CD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem5.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI84B0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI55FE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5E61.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\INF\oem0.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5EA0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6400.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8075.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem2.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5b5233.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5541.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI55DE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI561E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{E2684146-FB9D-49EC-959F-C4DBAFE50B6C} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI58F1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\INF\oem1.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8460.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b5233.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6635.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI56CC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5873.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\INF\oem3.PNF | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a47b29fbd6f9c3720000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a47b29fb0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900a47b29fb000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1da47b29fb000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a47b29fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Windows\System32\MsiExec.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "59" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D947ADF5-4022-DC80-5535-6FB116815604}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AD47AD09-787B-44AB-B343-A082A3F2DFB1}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{3BA329DC-659C-488B-835C-4ECA7AE71C6C}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B79DE686-EABD-4FA6-960A-F1756C99EA1C}\NumMethods\ = "14" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{806DA61B-6679-422A-B629-51B06B0C6D93}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{45587218-4289-EF4E-8E6A-E5B07816B631}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A54D9CCA-F23F-11EA-9755-EFD0F1F792D9}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7569351-1750-46F0-936E-BD127D5BC264}\1.3 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{327E3C00-EE61-462F-AED3-0DFF6CBF9904}\NumMethods | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{A0BAD6DF-D612-47D3-89D4-DB3992533948}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{08889892-1EC6-4883-801D-77F56CFD0103}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7682D5EB-F00E-44F1-8CA2-99D08B1CD607}\ = "IVirtualBox" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ADF292B0-92C9-4A77-9D35-E058B39FE0B9}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC68370C-8A02-45F3-A07D-A67AA72756AA}\NumMethods\ = "33" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F05D7E60-1BCF-4218-9807-04E036CC70F1}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{813C99FC-9849-4F47-813E-24A75DC85615} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C984D15F-E191-400B-840E-970F3DAD7296} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97C78FCD-D4FC-485F-8613-5AF88BFCFCDC}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A85BBA40-1B93-47BB-B125-DEC708C30FC0}\ = "IProgressCreatedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{A3D2799E-D3AD-4F73-91EF-7D839689F6D6}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C1844087-EC6B-488D-AFBB-C90F6452A04B}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97c78fcd-d4fc-485f-8613-5af88bfcfcdc} | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{35CF4B3F-4453-4F3E-C9B8-5686939C80B6} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6414862ED9BFCE9459F94CBDFA5EB0C6\VBoxNetworkAdp = "VBoxNetwork" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A06253A7-DCD2-44E3-8689-9C9C4B6B6234}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{35CF4B3F-4453-4F3E-C9B8-5686939C80B6}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\AppID = "{819B4D85-9CEE-493C-B6FC-64FFE759B3C9}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{232E9151-AE84-4B8E-B0F3-5C20C35CAAC9}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F302674-C927-11E7-B788-33C248E71FC7}\NumMethods\ = "15" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\progId_VirtualBox.Shell.hdd | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3DB2AB1A-6CF7-42F1-8BF5-E1C0553E0B30}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7191CF38-3E8A-11E9-825C-AB7B2CABCE23}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB6F0F2C-8384-11E9-921D-8B984E28A686}\TypeLib\Version = "1.3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5BBDB7D-8CE7-469F-A4C2-6476F581FF72}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{FA43579A-2272-47C4-A443-9713F19A902F} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1D978B8-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37FE88F-0979-486C-BAA1-3ABB144DC82D}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DA61B-6679-422A-B629-51B06B0C6D93}\NumMethods\ = "15" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{E062A915-3CF5-4C0A-BC90-9B8D4CC94D89}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA05E40C-CB31-423B-B3B7-A5B19300F40C}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{CF11D345-0241-4EA9-AC4C-C69ED3D674E3}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F692806F-FEBE-4049-B476-1292A8E45B09}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E8D3F27-B45C-48AE-8B36-D35E83D207AA}\NumMethods\ = "24" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DDEF35E-4737-457B-99FC-BC52C851A44F}\NumMethods\ = "15" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{714A3EEF-799A-4489-86CD-FE8E45B2FF8E}\ = "ISessionStateChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B55CF856-1F8B-4692-ABB4-462429FAE5E9}\ = "IDnDModeChangedEvent" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0FE2DA40-5637-472A-9736-72019EABD7DE}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{5155BFD3-7BA7-45A8-B26D-C91AE3754E37}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5748F794-48DF-438D-85EB-98FFD70D18C9}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AC83D89-6EE7-4E33-8AE6-B257B2E81BE8}\NumMethods\ = "61" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9128800F-762E-4120-871C-A2014234A607}\NumMethods\ = "23" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxSDS.1\ = "VirtualBoxSDS Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6414862ED9BFCE9459F94CBDFA5EB0C6\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01510F40-C196-4D26-B8DB-4C8C389F1F82}\ = "IVirtualSystemDescription" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0CA2ADBA-8F30-401B-A8CD-FE31DBE839C0}\NumMethods\ = "12" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83795A4C-FCE1-11EA-8A17-636028AE0BE2}\NumMethods\ = "14" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0BAD6DF-D612-47D3-89D4-DB3992533948}\ProxyStubClsid32 | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46735DE7-F4C4-4020-A185-0D2881BCFA8B}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{D134C6B6-4479-430D-BB73-68A452BA3E67} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6414862ED9BFCE9459F94CBDFA5EB0C6 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{08889892-1EC6-4883-801D-77F56CFD0103}\ProxyStubClsid32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{DFA7E4F5-B4A4-44CE-85A8-127AC5EB59DC}\NumMethods | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 552317.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\Oracle\VirtualBox\VirtualBox.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88c46f8,0x7ffce88c4708,0x7ffce88c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffce88c46f8,0x7ffce88c4708,0x7ffce88c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3312 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x464 0x474
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88c46f8,0x7ffce88c4708,0x7ffce88c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8
C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe
"C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding B36DE04F8B476D7D8BC77B5B144DBCA7 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 70B5CB0596C9B6DE448BA89488240102
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 44B8AC5F3F44157B9E0362224627E8F8
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding AF2773DF4E21E98EBD2911196274D43F E Global\MSI0000
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "48f6bcb47" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7A6ED3137EEBADC5720B5CAA8DC8B436 M Global\MSI0000
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000158" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "0000000000000168" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
"C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa387c055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | itch.io | udp |
| US | 45.79.115.66:80 | itch.io | tcp |
| US | 45.79.115.66:80 | itch.io | tcp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.115.79.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.itch.io | udp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 8.8.8.8:53 | 99.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.itch.zone | udp |
| GB | 2.19.117.28:443 | img.itch.zone | tcp |
| US | 172.67.69.99:443 | static.itch.io | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 28.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 2oo2.itch.io | udp |
| US | 45.79.115.66:443 | 2oo2.itch.io | tcp |
| US | 45.79.115.66:443 | 2oo2.itch.io | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 45.79.115.66:443 | 2oo2.itch.io | tcp |
| US | 45.79.115.66:443 | 2oo2.itch.io | tcp |
| US | 45.79.115.66:443 | 2oo2.itch.io | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| FR | 52.222.149.91:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | 91.149.222.52.in-addr.arpa | udp |
| US | 45.79.115.66:443 | 2oo2.itch.io | tcp |
| US | 8.8.8.8:53 | itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com | udp |
| US | 162.159.140.238:443 | itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.140.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.169.217.172.in-addr.arpa | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ads.eu.criteo.com | udp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | rtb.nl3.eu.criteo.com | udp |
| NL | 178.250.1.10:443 | rtb.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cat.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | csm.eu.criteo.net | udp |
| US | 8.8.8.8:53 | staticassets-creator-design.criteo.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.22:443 | staticassets-creator-design.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.1.250.178.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.201.118:443 | i.ytimg.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 118.201.58.216.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 45.79.115.66:443 | 2oo2.itch.io | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 45.79.115.66:443 | 2oo2.itch.io | tcp |
| US | 45.79.115.66:443 | 2oo2.itch.io | tcp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | rtb.fr3.eu.criteo.com | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| FR | 178.250.7.12:443 | rtb.fr3.eu.criteo.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | imageproxy.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 12.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.1.250.178.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | udp |
| GB | 92.123.128.179:443 | www.bing.com | tcp |
| GB | 92.123.128.179:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 179.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.158:443 | th.bing.com | tcp |
| GB | 92.123.128.170:443 | r.bing.com | tcp |
| GB | 92.123.128.170:443 | r.bing.com | tcp |
| GB | 92.123.128.158:443 | th.bing.com | tcp |
| GB | 92.123.128.170:443 | r.bing.com | udp |
| GB | 92.123.128.170:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 158.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| GB | 92.123.128.158:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse4.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse4.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse4.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 216.21.192.23.in-addr.arpa | udp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | shared.akamai.steamstatic.com | udp |
| GB | 2.19.117.29:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.13:443 | shared.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 22.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | video.akamai.steamstatic.com | udp |
| GB | 2.19.117.35:443 | video.akamai.steamstatic.com | tcp |
| GB | 2.19.117.35:443 | video.akamai.steamstatic.com | tcp |
| N/A | 127.0.0.1:27060 | tcp | |
| US | 8.8.8.8:53 | 35.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.124.170.33:443 | api.steampowered.com | tcp |
| GB | 104.124.170.33:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | avatars.akamai.steamstatic.com | udp |
| GB | 2.19.117.16:443 | avatars.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 33.170.124.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.117.19.2.in-addr.arpa | udp |
| GB | 2.19.117.22:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.124.170.33:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| GB | 104.124.170.33:443 | help.steampowered.com | tcp |
| GB | 92.123.128.162:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 162.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.181:443 | th.bing.com | udp |
| GB | 92.123.128.144:443 | r.bing.com | udp |
| GB | 92.123.128.144:443 | r.bing.com | udp |
| GB | 92.123.128.181:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 181.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.128.123.92.in-addr.arpa | udp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | www.oracle.com | udp |
| GB | 2.19.169.119:443 | www.oracle.com | tcp |
| GB | 2.19.169.119:443 | www.oracle.com | tcp |
| US | 8.8.8.8:53 | 119.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d.oracleinfinity.io | udp |
| US | 8.8.8.8:53 | www.oracleimg.com | udp |
| GB | 92.123.128.157:443 | d.oracleinfinity.io | tcp |
| GB | 2.19.169.119:443 | www.oracleimg.com | tcp |
| FR | 18.155.129.49:443 | tms.oracle.com | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| US | 8.8.8.8:53 | consent.truste.com | udp |
| GB | 2.19.168.132:443 | s.go-mpulse.net | tcp |
| FR | 3.165.113.128:443 | consent.truste.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| US | 8.8.8.8:53 | tags.tiqcdn.com | udp |
| FR | 3.164.163.127:80 | crt.rootg2.amazontrust.com | tcp |
| FR | 3.162.38.111:443 | tags.tiqcdn.com | tcp |
| US | 8.8.8.8:53 | 157.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.168.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| FR | 52.222.201.16:443 | consent.trustarc.com | tcp |
| FR | 52.222.201.16:443 | consent.trustarc.com | tcp |
| FR | 52.222.201.16:443 | consent.trustarc.com | tcp |
| GB | 23.39.224.128:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | consent-pref.trustarc.com | udp |
| FR | 18.244.28.5:443 | consent-pref.trustarc.com | tcp |
| US | 8.8.8.8:53 | consent-st.trustarc.com | udp |
| FR | 52.222.201.58:443 | consent-st.trustarc.com | tcp |
| US | 8.8.8.8:53 | rldr2laccouxozzlxqdq-f-7fa25ea58-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | 684dd331.akstat.io | udp |
| US | 8.8.8.8:53 | 16.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.224.39.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.virtualbox.org | udp |
| GB | 2.23.220.107:443 | download.virtualbox.org | tcp |
| GB | 2.23.220.107:443 | download.virtualbox.org | tcp |
| US | 8.8.8.8:53 | 107.220.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.197.219.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csc3-2010-crl.verisign.com | udp |
| SE | 192.229.221.95:80 | csc3-2010-crl.verisign.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d.e.0.c.1.1.d.b.a.1.2.0.9.3.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa | udp |
| N/A | 255.255.255.255:67 | udp | |
| US | 8.8.8.8:53 | 255.56.168.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.56.168.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7de1bbdc1f9cf1a58ae1de4951ce8cb9 |
| SHA1 | 010da169e15457c25bd80ef02d76a940c1210301 |
| SHA256 | 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e |
| SHA512 | e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c |
\??\pipe\LOCAL\crashpad_3820_SXKAEORNZTBKTUBT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 85ba073d7015b6ce7da19235a275f6da |
| SHA1 | a23c8c2125e45a0788bac14423ae1f3eab92cf00 |
| SHA256 | 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617 |
| SHA512 | eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea5a5472240bf962c45202321ef9ec7b |
| SHA1 | 3ce6adab161f9e4e7cb54ba375ef5d85cfe3e32a |
| SHA256 | 9a60b9d3a4fcb6d179f553e9ba0e2de585be41f0fa6ad5219823eee7e7393463 |
| SHA512 | bc5f9a3bf63e33a01fbc428d4e6fe96dfd898451a9df2959603c98642c6434bca2e3ce7cbf279b427b7fdb7c794664966a536242887bd93e4632cfda40d96b9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9fffbbc25e3d00dad5d914370c654a05 |
| SHA1 | 99eddd816f7dc796d53002e3894ad1c60b8bd0bf |
| SHA256 | ac75ab4a55cf00fbbe7276ebdffdf5af3d0094ec444abcf22535abadeba691c0 |
| SHA512 | 5795ff49681cc3ec98c135c6daa56fe788b28e119d32d6fb50e887307ac0624c5174a5dc3fdd9e3f0b736b9164d86327f3403550d78d9e72082160b969747f7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e3644081cc2cf0681200e747a6dcd87 |
| SHA1 | 1a41e8c06100f0ec1bbd8618517785fdd84bd576 |
| SHA256 | e82a58ece350997e54afce6a2f10464b5535713db218c599b120631e59b497a2 |
| SHA512 | dde155ac750ff451d8f5928c0b3df11b74210b5ed9a0b599db3cbb0b4d88a162f552ab5f34bf6a9d0c72923d4d0e31094ca037327e91e177dfd20839155c33d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a19a0da9cc10c85c7ae652d8b9d6e26d |
| SHA1 | c4048baaf7131d97792abcd90a7984a7cbbd0657 |
| SHA256 | faab585f7b805bba0b33e28b05d54af5073d5e6cb9e48642fe8ae8a2fb628c86 |
| SHA512 | e4de096531e3570725a4ab670f34df6c6cbf9a39e4d8833e8859cfbc3751a228024f52d176e43ab433627ae6aac0854d171f82ffb062373ae64e397571d61900 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 0a3df30807bae7f9de015567cfe2f2e2 |
| SHA1 | bcb8eb78d3cec79e1bcdac12db2e4f5bd017ec8c |
| SHA256 | 11c9fef98e44bc6c25f03654fb96cdd3f8ab3b2246845eb47066b42b5c80a093 |
| SHA512 | 725eee8875f341a23c8164ed4cd1ffc23b5afb2e6a64517edbc423b4d03e9afd16e1ca4304b1cf597037f83db52650281a6a0a67438b539e13d771171d806747 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3cf21f7b09806b45227f0c07db50be0c |
| SHA1 | 2234a9e1cbe671ce56b222b4a2165ebd8ec3fd15 |
| SHA256 | e8031d2d8460317f93cdf2f751cc50403b30f73e6dc9c35e09fac79e89f6481e |
| SHA512 | 3475016bf22a9d342dbf89505dd2cb7c2edabcb381b4914d28d9331caaabdcc50407e024788a9d91fdc9b6c738a46157ecd4e9c9039ca10928f3345c3b7a7274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 4cdd99ad4e6e3e5dce7d575a0206b72c |
| SHA1 | 721a89e90c9f7a9d42c10617bf62ca8cd1334b84 |
| SHA256 | 392dee3d530e16a3487f39a0c9c6f11e9b2bbb002a283bf0b689f9873ef880df |
| SHA512 | 146b1c15773c620aadf9d2cb18ae9b3f30f61e66df4cfec3e6aa8a2ede1ebc87966c042dbd4a746b2d405c694b973067d903234e75e123aebc955c2da1aff4f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f6c.TMP
| MD5 | 4cabe8b3cb34476468bd91c187d2e3e5 |
| SHA1 | e8e51c2b5a895950420481f51fe9cd20e6a11c48 |
| SHA256 | 94b4b97634d0b7d4f95ebe84364e8f8c2a555ed02153b08fee7ff41eeaca12be |
| SHA512 | d08d9f12f592cc3cef0b43355c7c086e3a39834c7a8d19685400ee3717448081e70f4337e30fda79d340e448ee5e68c6f9bf6d7d18d8eea2f6ec7e5ce236cf28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0ae2d732dfacbe2b434815ce95fe7598 |
| SHA1 | 18e71c393bdeee47012fa4a9aa4bb2ad176911e7 |
| SHA256 | 356ce6d5604ce933d511fc435749828045cb7eb92b7783953aa7a8dd614f8df5 |
| SHA512 | ea9c51a3838e7f2d037cafb6d97f1015a408e110f557cee55fc479ae81f06a202e69b8a84b64b053cfc47fa4c1526048f87b1c0942c55a05aa6737641a300e20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f5638684baa5c6419e82fa1f0cf08e77 |
| SHA1 | 97b5706a910d4db6523459d803f2357ed87ca0b5 |
| SHA256 | b7b1a4f07719b926e5da78ac2c54682988a91b152a7731fe3135d47365356290 |
| SHA512 | 642bb056b3b1d4d22542b24dc4ee271924fbc642e2bcd7e003f9a969f58c76b12e60e4075398202094dddaafb7d5f2ca6bfdc542fecc7b3d8ecb7307d9483b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4effd5fc70d736a32e7ea18c33aa76bb |
| SHA1 | f612c4414a1e08ac27f352ccc08dc80ac3cfc84c |
| SHA256 | b2de75b48dd25246cc17e67bb7267791a6cba1276eeeef2b3a6817c96114409a |
| SHA512 | 18ac1a4bfe19509e9b90a8537b5314362a526591d577eea85965811449ffee5854af6b8c75b747d5a9aea661ee418661dc4083ce2f2cf431fdea45c63d4b9a99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | de4143d0cf855798a8f5a0aa42bd5bde |
| SHA1 | 4a9a634ff4aec203f29cd1f99733ca5fc8e942fa |
| SHA256 | 8b85e8d5216c4cccd9cc30f57cfdea059a4e29eb0bc122a234cfc12f430d493f |
| SHA512 | 1597aacb3de3d9e20c2dd46a1ec300435fa6d5be7929ded6c5d96bca485f17a926f75169480083394d1b2f17d5c466f0c35e30055ba77299d17dbacc28006cf2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57bd64886bd6e73f33419ff4f783cd32 |
| SHA1 | afe855dcb2d9b720203f45a9b9a7391389afe775 |
| SHA256 | 0437f71d824b7d136b76e75f29b9aeae4880e846e1a332bfd5f52fd20ddc54e3 |
| SHA512 | c6a0ec1f441d675f9059e873c49cec8219040a32e17d92e463221d28ea4092bd3a8562f1df5f42304ac3baf7b034d7284e0684ef43117463836be2598bc19815 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5c90c3772501bf9a517e6da0eacc311a |
| SHA1 | a8f01d3c44e3571ef79cb3e61f9fbf93c43a681e |
| SHA256 | aeffc314a8a6dc8211c8056d2f917bf0f5c84d3a7af2093e0a37c049de85ec23 |
| SHA512 | 77424c92f7fa2edf45459e6ae17b55bed3a0214daa635fc83c205f6bbf19186ee70745c9ae0113db3d1ff3c6b1d3ec211149f122028bf4cfb59513039b2d931d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 797ca93ee50499e96df9082856582f42 |
| SHA1 | 7cd0453cfb16a37d56431db1c106446db84e0608 |
| SHA256 | 6ce17836a4eb395b86887743783f5955caed2a2855036481e7e16330e74ee80b |
| SHA512 | d9033d6e99484f9ab8f2f86aa0542c4a3285af9a9f499f2d11456c1476c5dbde7b67b39ef3c0dd0bcf951d90252e31ffc237d03f4c017e9ead4427ee9b420089 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b7eab6b537f312d4ab49b97b31519663 |
| SHA1 | 272e224105f85b38bf2fd46412ae940472d4e443 |
| SHA256 | 1a4a9b3d7761c291bdd90f035c5cf180a483347300fcef8e7f7d6d4f55af9ebe |
| SHA512 | 9331887ea89a8d0f38880848704dc0c14d638dfa138a84339edacc97a5744f99b84b4ac847d89226767f9d06dfabe085ad86e3aa322a7a933db0432106a58b13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 73c72d57b22677ffc04bac1aa2324494 |
| SHA1 | 5aeb359f2ec9c03a7287cb82969982241ec062aa |
| SHA256 | a59e20e67a4bf2b80713e6a1e0c98567972bdf2dea83ed666949dd1c888f2c51 |
| SHA512 | 652ee91f9711fabc632c1efdf677b5c70b0e7ffc686918fd0d48018184f19b8835d363e235498d466dd9ac5227c63d8ad8303bd78d482de943bb4b7138e8fd0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ad4c807e44b77baea80acf18d6ba05f0 |
| SHA1 | 2c67fde054d47c0548aea4cf386523136c3b7b87 |
| SHA256 | 44214fcbfeae99b585ad199442c14ed52745bd08806f3ea554d281be8d4a96bd |
| SHA512 | 50a151f95ce870294facdc0b00ea89e984c5f50c397831b2ed514cb12aaa5704dad942d1fa80ea58c9e2ce44d642ce4ab9e4c01eafe2d13e345d2e3ba8f72a10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 26f12434fdc8232b6372ae393f1ad26c |
| SHA1 | e1fd81c739e1174de8aef6548344c83c1a6f984e |
| SHA256 | 9823f62f8240e9911e429452a4c1afad251f2576165ce8f7636fd28ca6e92cc2 |
| SHA512 | 1b493b32a61aba40c9d1f42ccf17ee127dd0767da1d3039d9b19220beb40d3ef19c1a37861c6e7bbc07be6bcecdca6b20e00026baabaa7ebf0d3a564c1c6f217 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078
| MD5 | 790c81db9bf945fc2a3a3912c2a5b6ae |
| SHA1 | bcaeed70f5e969e369dd2303df53da089a81bb8b |
| SHA256 | 5dd15e15b2c3f3537c06e593e5700225dd28f13678e9649866c7d3c477efaba4 |
| SHA512 | 7693db525ca06118bc1907e9962ba691f1973bf5639986cb303c03894440dfb9252a2e9633d5bfff58905f8b0fd9dd63d75b48991412ccc4f0277127a08365d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2bedf1fe99621a3f_0
| MD5 | 16d9faeaf1eca3fcf8a31b1105b99bc9 |
| SHA1 | 3f3e76a51125941570bbe60c039e82de06c6a1c0 |
| SHA256 | 1a828b94875eeb278ac343336be4f17978faceedf78583f69ddef5921a748f70 |
| SHA512 | 9415a1832fa1ca11aacc27306399a6ab02e8747c028f6daa888bf7b1e850eb7048ac07d87c41b9481bc82058e0da53b8a07b9efc52b30dc9c6abd8b0e7ff560a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c
| MD5 | 258e004ecafda290f6007fbfcbefeac5 |
| SHA1 | ceb03d36597c7f77e68b4c85dc659678cebce4ac |
| SHA256 | 745bbee63267b68f0c10253ab0cb56e8e706ce1ad401e37ec0f198f0772211e8 |
| SHA512 | 4af726fdc5a36e2f0a6b9ae30f54399e69051527a2a9732cd19115f08a5bb3db0d6473abcce2015bebcf2b3cc7e34585adc339a9b16de5d2f7abbbbac4aa9990 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df13cfb31cb0046d_0
| MD5 | 934fb0e80b39bd27134a8b6970611bc7 |
| SHA1 | f8a025fc66e9854d105e6ba0eb2ef4755daafb05 |
| SHA256 | e8612b6f7ed43fa2e194b4060f88e41db4d987786c43d60ea02906ff6b587b68 |
| SHA512 | 9e6fcfdf25bfdbeb45b1f978d635d858cf7dd7865bb7570ff2d3596e02ccff7c64752a6ab91e6b4608355e078c1eb3196d2511b5e40c816b7fdc55e344141231 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 7e48922a3608c08d1800136aed377b77 |
| SHA1 | 28718024ccbecac8a590560ed4f6f8554813a9fe |
| SHA256 | 22404004ea3ed6b0cd2b986c00789b9806f47111c25fbc2ca6c9428cb17ea518 |
| SHA512 | e2a69bed07aef406710115a1c4729b947378b92ba5e4475024f270a5d542c0db862be52841583cab499d5786b99504208cade0ce15d20c29c849882644788334 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071
| MD5 | 3f8e48f141d27915a0e20f64f80bd4ac |
| SHA1 | c9b35b9da4361ac8f2743ed451c955dc7c29958f |
| SHA256 | 37247d0c5913f541b20baba97af10738e130502b0a89a1f25ea0d2a9d70d709c |
| SHA512 | 5ac57c17b520ec0baffbf7e63231230d84f7a9f6019a83a59f31b3820966b0de37bbf0bb4eb76acb96c0d9d79f9eba807398c938b67d4c52ff09396039cc5e78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 11f21f37ea00a6e828301feca3e5bce1 |
| SHA1 | 71892d8f1ddad58b4495a25f89d24a5ee9d56528 |
| SHA256 | 95aca6e80aba51a89a3ea52eb470ab6cbcf594f458528f1e5f949d79ae84221d |
| SHA512 | 836d61924c7c1392ad40590d9edca0f48634bd79b07c2b3ad64e64dc938735a53a34a472ad07715dfc029da4f9d8fbb9fdff26007df38ddd97048fcfe8979243 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 270c32af8b4c7aa1b8c05b1c7d286010 |
| SHA1 | 5ff86caedf3ec2d4598a40fab04aabc65cb53d4c |
| SHA256 | 2ddb175912f001e9acd70703a53fd4c5e83c9999930210bec1f79dc9179b42e0 |
| SHA512 | c837b42997427a3de6d3f21c15c06b82769531fdbeb25ca1fc850fe86157940d8d5537cc8bf1c1d8e923fefe08a1b22bfdb25cb95533070888b4534bd0f11240 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3e2771c3f0b3334db30b92be0f2e9321 |
| SHA1 | 2b01f9508d39674d369f90f09817702aecfe6460 |
| SHA256 | 9f6b4b7976b784b3d33942694eba7bad56fc6ddbedb698a6b5919958266f6785 |
| SHA512 | f4449649dabfb296aead4d80d661765e118457af35120972e7e0dbdf31bc57be17513bb6f6fd4d33e45549cac8980315b2228f6a1ce2a1294f5aac7ac15e4f18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 932cf135baf196748e1876a84a29d34f |
| SHA1 | 826826a740550ea18d5bde134ef24049c1719ce6 |
| SHA256 | f985e598e8d117838ba52d4ae6abb264b6eb02f047bc230dd0095aeefaa3636f |
| SHA512 | 509a42c0404bf791f63863ab3e2152cf855fd8221bbd443b5e3deaefc7616631187c4210c51787917431c0037a2de2417f53ae5c617993876d8dc6f0cd990ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e150f2c06d5aa21a2fd7fde4d4255928 |
| SHA1 | 47bbf7aa933067ef5ff5cc45551fdf2bc380d36a |
| SHA256 | 714968416d91eb52d0493f26bfc2c816cf67b78318cab45a89214e93da50413e |
| SHA512 | 2bffe5f05700f5bbaba432b49b0baa8a65b4a9e5550e9d71ddbfdcd9a9bee3b79a94241812e109b854ce82610b10db2fc9a618e66126f7e2311fca32a2ca2c02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3c662dfd03b8124354b8ea1d80706cea |
| SHA1 | d54ed1776ee7b2ac688e332a8bc7230f14d23fa2 |
| SHA256 | 6c430c20b0bce7df95cf4fd387b22dfa968ae9e56310ed2d4189659d09f93905 |
| SHA512 | b224029d036ed94ea7ca78afa09f949bd647984a270b5b5c6d5ef120ab14e094973149352f3ba4fda26b30b4234d6c218cb85b0ba3030059ee0bd20c1d735244 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8f887774e821ac53e8d89a620216c286 |
| SHA1 | 6e37082447f5bff0574da5ed59ecd2cbdbfbf1c0 |
| SHA256 | 60c5fece0d6ef7c2af676a818cb229dd822f1094eddec009e00c6da9c463790e |
| SHA512 | e39b1f679f2077d6adcea1917632af683738afadf13325a5bda58f855104fc38587c4dd2c6a6318426e8f5265d81b7adbcf7c5d999a89da20549b4155f75879c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | d1019a2470dde10c92474309dd3234f0 |
| SHA1 | 56ea69aa777212ef7f23bc9e5bb1ad5b5576cc70 |
| SHA256 | eb89a4a8eddf9d844f05ace75e0ce5af0422eb5dba78239b3b0e9df9a8486067 |
| SHA512 | 320ec8ea873992e3e341c87678618b5139f97bd15306f44acc95d90cf8a578de04d19c28128cd4b939f7fbe815f98699cb7ed2e6989a0f6f7a3c723f936441be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 6e16ec700deb19770229ebf969c28786 |
| SHA1 | b698d93cfe07a2da4d848bd5d98fe57be255cf7a |
| SHA256 | f8d200239e09fe4e3dbbb781d158a6eff32ae3479da8858cb8f5db9a4ae39df9 |
| SHA512 | 9e432d7edfeedff9fdff52c68ef266f303f0cd17087076d15724c261085c0df0a57a624d57c9d7cc6ca94bfbcc437bb4b193dfa613122b977c21e3f11a6912df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | ed978fce37a58329befac59cc0e31cb3 |
| SHA1 | 8d90d31efee908c2e7062c3a57d102ed88b6ae63 |
| SHA256 | 8ff2d08cfbf6581162481b336898cfd04b3ac781054664bb917efaa1582bf313 |
| SHA512 | 4dc115fbdc9a86c79924030b17e2f8a8b2e4c311dc768564096a7f20929bc22c918a715c039ad7a448b0d201b939b232adccf276a435f21fd00b729a0b88a18d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 724b060f10d7bacc9b792735d9ee1b82 |
| SHA1 | 2a441d57390beb2ef6f8300990e0b576df3cfdf7 |
| SHA256 | 591ec50b49b1033dabd566c3387c7ff8a128bb455e8b505e8428659e846049f2 |
| SHA512 | 7b5f3a54fd59c6bfe71772473b25b33c777061283dc012b9236d672a0afef633b0c1766a40e9ff907a65bfd2feff6daba6b88abe49a1906157a910e3a2697987 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 2e4bf9a7be00ffc0037e54a3d7dfd505 |
| SHA1 | acc4d4c4bc31f8bcce57f442343f8e74ede48dd5 |
| SHA256 | c533c5dda141f3e93cf72554dae0277eda50b3145fe4616c477dfe3e71e0a6b9 |
| SHA512 | daef6983daf80b0b37002198c0ec5de05fc548e0a439f1f9e66ede3b36e20fdfe0f3a5a163fff89c72126e921a1aecb37bc968c976f8df5ff2d18de06e22a86d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375392827558324
| MD5 | 0a9fe459e46f0775601c77004efaf626 |
| SHA1 | 52f10f888dd0b8be36a90e82c9bf0a1e10bd5f47 |
| SHA256 | b555f9c57389c419a93fac3ee4795c9cd8ac42876c6a45596ebe503dadfbf517 |
| SHA512 | 639432e8b597cf9b52032a2fe5656f40376da94cb948614a5c9730b734e70cd52860fe023c4f77031741abcceadae65ad8c9af4de53b5ea8a20d96ef77cf9b37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | f5d15a85a9d46b7371f4d266b7469054 |
| SHA1 | 97a619ad5c3da345bde075988b89469f15b5fac3 |
| SHA256 | 656328cdd26af6a5321a0da157fde3ae1bdb842b3f61842880bd036b894861b6 |
| SHA512 | 707ed109b92e575eacf920070aae31d37557d54ea854c964cb2def410940b4471a174b34c3221d59b2fb927900266ee56404f39d2f76a7103b7888959de0444d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 2148c3aaecd8d8c65ff52ae084ba8a6c |
| SHA1 | b6c70e1fbef1eef251732ac58d30946d9f114b74 |
| SHA256 | ce6e0348cd01662b8b2b1387fd3d7e1abca63c64decf5b59cf6dd55f2f332eb8 |
| SHA512 | ac5012975b1fcad677aa2d8226f3d644f34249778868c81ecf1c5336ed44a9c9db5856429e17584706929e150a7e426d11538619168bef0b64b9155a3024b316 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
| MD5 | eea0c1d8a643c24a6f7e37865874ae09 |
| SHA1 | 13039e11cfad1f3732982c1cd2f1e87e8a578bb0 |
| SHA256 | e6a9b65e3e8c739c726e0c46ef1a6d6f895fbaf8b44df3245a9b6de158609e0e |
| SHA512 | 49c195757d4187e6a051df250f5feb6b9bfc8a681d9d29b16a34cc6b9e16736e8f7bea69efb74e1d964e71df41d8e05b555a5fd3833c3f4f49c33cb8b56c97cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 766974f3fd2c7d5ea433ab8f9de7db47 |
| SHA1 | da556e96bd29c8731b7d6e6e7b8b8665a4270b2c |
| SHA256 | e38e2f49da3745bea49962413e90e98da3801bc9f25c359b1829280f68ed608d |
| SHA512 | 200e23160202bcdace5bc57a0320bfbde8d116b89fc134aadb9380da1965cbdfd357d35258037875cdd9bb627b96a5d70e4d9a00f50e28856332af129e0380eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | 180773d026dff4b290521136532befbe |
| SHA1 | 4aedb0ad4c5350ab8ce94d892b06e1345d2894ba |
| SHA256 | 8234254721d34de2f276bfb79d64a2ecfa911f8735b18876a8ce532e0f75223a |
| SHA512 | 762a51a06a67d200873510918e47384628f3afe75d4147b13f7c6e0909ea5d9bf1c7f35226da69a041395281cda7aa23cf69019ea886ddf6f2b84c8e4eda1078 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 066aa6ba91a9dcc8fa4e39a98863a3e3 |
| SHA1 | 66cbdfb0a5b97d1d65342195e4100b555bfb094f |
| SHA256 | 12e2135323ad6dbef911fbf833fe08738930a7799f0d1d0ffda6d2d6776a7227 |
| SHA512 | f3d545dbcf232b2e40920850b846ffc12532cd91bb025b48e8f979228276a0d6185aee1a5a4cb0814d484bd3a0010753154fafaf87c9a5a86a000c7978bee864 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 67a1a1e28b9a7c300a37192b39dcadb8 |
| SHA1 | c461fe6504ed4cc2c5407019fb5ecf14c9c6e6ab |
| SHA256 | 46b71e387ce2b515f5641779d8ca48b6edf03978d0dbaf1d5fba3111fb2c91a2 |
| SHA512 | 157205eb939fcd0e17f9030982a22c6eea1bd50e31e667663f478bcff9cfc5d8d3fb4249924442591a46c00fa88cc3072b4d409414ca119fe8af8440cfbc8713 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 320d437905117e7b768bcd4290492b57 |
| SHA1 | 9b31c167de2d1ec763e9089677e89f3e0432cacc |
| SHA256 | 807464d955bd44ea6b3af16d02257da07298c755215e34bd58299484a816a866 |
| SHA512 | d12924fe6f103196781db5b8bc359aa61dbe652fd723131ed72f36abd79da3533526e40b2459d31c6387457299180463f2e102cfcc579266d6c8278d1b0eb795 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | c9b41e1cf39725894199bb54d1668506 |
| SHA1 | 40964347bcf490247073a837c6578aa7c0bb56d0 |
| SHA256 | 0535519e2c01ea274d7a3eddacdb015a8f764837d9e922c5f611f1e8380864eb |
| SHA512 | 4ccd220cf8793ba00eeb98a0bf5b2c49eca074356de741951a69b6bcca165c735253e62d35b49969d9a907138ad61a718ba7d6e1fe3a482238d7f3c83f1d707d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 17183216d6e335687d6a0ad45188dbd9 |
| SHA1 | 83733a59f44b94d340d72f95cde1709060780147 |
| SHA256 | ab9748298671c673bae438e5a56e8bedbd1717a9f4cdf30be1858c4fe8b04869 |
| SHA512 | c013851730ba6c6de0c867bf86a0bcb6fffc382de64ad5d7416e8a103fdb8e029c2e74a3c52ccf3b4fc78d209e5582208277cb2661ac20e3a73d202824dee8c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 67e956b72662e5de89378a67ecb2ebe5 |
| SHA1 | 1cc4dabed4079c5100607f064059c0b6d52cca89 |
| SHA256 | f9bf2e42f41eb4bddaa83c6d37330e282e95d239721e675bfabb6862c7358f6f |
| SHA512 | 93c6133ef3358837030858e3a275562354a0c23adc3f9fb2144dccf5dd6e76bf98fe5d20c6e4fb4830fbf2a08f7224ab16c0c759a26551a342aadb99886f010b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 5f0b4800348ce44b0fc148674667b363 |
| SHA1 | 4a4b73a2404602c22761bc649bda001880fa9538 |
| SHA256 | f2125b26d0851df0bccf36ad082012e4daa23959d6549e1319299c37c5cd7e60 |
| SHA512 | 0f4f85511f501fe68e0b58bd1716fa980e8ded2e46fa14768dafc730abe391367176ea8fcac8f51697c33c515f9c97a82f8484244be3351a9e2878e9f8451e56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 677ebb7771a77db04bd3a533db5a9151 |
| SHA1 | 1d269f5c0d6b59bd8ca1cd9ed293d57f2199a75f |
| SHA256 | cefe1fc9c57add027870dedcf498c63cbf480bf0bb800817b449db3ea2563ccf |
| SHA512 | 6e6746d7a2d5b5717207b1bfa1b5d019323e2eca73aaf2c75a05a4453317b6e8b56e123e6d721b623a546a7741981c3527219bcdc068fdea5788c978674805eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | e953639b66c6127424227b336ffa8dc0 |
| SHA1 | 645b0484bd8b3270125b1c5e4adc08464d680477 |
| SHA256 | 87420a5ad2aeb7d96b29605ed1564e4f8137bc99284cbee582f3416549bd15f7 |
| SHA512 | 9958cb9dd0d405c506a1110d13443b39897cf908fc081a5764d91df21bd793b2dbc8d4d3b711689ba33549e8db79dfcce7f6c9df0969b198efe1d07fc6b97a13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1488cf7f43831ee577f6df9bfbed02a4 |
| SHA1 | d6ab53fe4516177d9951d58f25dc929a9efd4eea |
| SHA256 | a08faf301cb13b9360a6337b2d44881b76d3eebf0aa433103af0e902c7b3688d |
| SHA512 | b8a0ebc77a80384216554bbd33c4bf63a3851dd04bf2155d058a6a1f3e945971e92e78239af2392c6d722cdf36adc963dd6053d3f849bd03f8f6bf1cf18d5404 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eef089ab2a920b2cf57252ad77f5b403 |
| SHA1 | 76cb6b0c6e7d46c433874c0127ba3c2cca9a284e |
| SHA256 | b0f175a4a642e98e299983d13f0ed6584ff89d525da8abf7bd2fb84a8b545636 |
| SHA512 | 16efa872f6ac90710680cd6992b42d0b1245657ec6706cab99ed55e701f20e533107d6bb094764be613fc9ffd7e1e2a97f07344ff4ff841508111114dc80c900 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | e16ba8fb718132a7f724f711f205e862 |
| SHA1 | cef4f87901be5c871b52841947e13445c70dc2c4 |
| SHA256 | 96c0d9c146018d93a26a5b1d6149b57b96a32b9ed1196e0b76f33d2271c12149 |
| SHA512 | c9c0c980105750db83a418e6537bdc77de8151d81a6a59a20d709ec14815d9a1c488ef614c569d6fd0d744c549b571d6156a23663a1283aef12b60a0094a40bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0bb9da59b5d8724d6ae27c80ab4e5905 |
| SHA1 | 6611f2a92ef89cd7c2a0158033414bb2d47a4ae2 |
| SHA256 | c48a16ad0a0d4dfc3a945b0a18cbf727f27d5c7c755eb3478f93d7c991e7da5d |
| SHA512 | 17ade18737ab55d8a4938e1af9ba595ba7948c995b311a6ec163e25ceb1c1fe5cb73ee5d9838f801fde5c84030c72f52887873e45f58a87db74ef312eceabe14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e2518fd27606da7450396cd98723a7c |
| SHA1 | c020c3c58589b1368d17d47665bb69fb0ee62181 |
| SHA256 | f2b11a40fb2d6749da61865ec116a3b6e52e6fb5899c5d5984870d6c522d758d |
| SHA512 | fc084501f5b203e094516e55de1d0153b5aef7a41a350eb8c49cd836426df7f3cae3272f8e2a81867d2f8ddd79dcafcd9ae586380e8ca172a8f853c1efed38ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 64e78e513bfba21a1bb3e04e557d047d |
| SHA1 | 018bd7266e1b615e298b8fb13501758968ffc938 |
| SHA256 | 23209edf3c077d22b24f5564a1e3f2e5cee4a46f5e11cd08975bcf43161b360a |
| SHA512 | aaf73908975c6f047c7968d2dd15c301dbfe683fdf059e63e9896b4c2fbb9ebc6a4f326031511271f970f1cafbb9fdfaf3bc81b11420a35d1f2471c7d6c87b7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0320bfbeb7ef66291014060435b763f8 |
| SHA1 | 7366b8f68954314217ce2c77cdebd9000b639830 |
| SHA256 | 59c5d50680aa833580ec7d9c9996f476046cd05d44831d23d82754b6e3016b78 |
| SHA512 | 90726edd9612ae2dc055d6aac4e58c812ba9519ef886de569e0537b0a1b1999da219470bf6382f033ce1c0d16d701a6f1428a94604e74ce7a88df3934269329e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d13bb1b466d83d9d79532ddab4c0b7bd |
| SHA1 | d6b3cc285de07f7413cf720bcf3db7bdeac915d0 |
| SHA256 | 0a8a587a93331582240013614b5e1492a32e4a5f65e55dee16be566b94e62bc5 |
| SHA512 | 72a2bd86f6270955b454f3babe67afd850a372afd470a0b22b92c7c218c133068075c1784b68ed14dd762809e76663790f32df900b81fe13ce7047e0a57faf9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ee3b69b0c5f1285c00aab695191500ca |
| SHA1 | 04e5c561e16b871357360808e98e158471f0d4dd |
| SHA256 | 143ddfbb0175e5b006188eccda42145f87bf0300fd3fa8b56634aa5366b28710 |
| SHA512 | 6c231c7d69fea63743258b9087d82a79ab0eab8015b44b4ba12a3cbac82190d4a2f95073a8add6d5d7b29004df5496897eafc3b5f0d344e630c2337b578fc56e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0ada9bdafb9446c489d4d42c1a0f208a |
| SHA1 | bac38df9c1e94fa3834780ade9e116f07ddff57c |
| SHA256 | 0559ebb9094242a2d56916687e960856dbac94f97108257e2a9a63bad81f6ed5 |
| SHA512 | 7ec1d58e9a519a822daf844fa7baac992551d3629a353ff58e6a8f988515dede051a62894d8ee4fd0154c37262d62401772fb3bcfe7fb3afd058e73821dba869 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0721f269c5b4fef93d28c227d4de3907 |
| SHA1 | def23b7617d5b1a706d3675a4881a978b5fedf3e |
| SHA256 | 0aad0e068502a3658888b188fbb1a5cbef93bb29e8bfc832c93fdf3a0222a0d1 |
| SHA512 | d4eefe346b878970a33e298f81514e097ce509c27e7cdf0609d9df1376ccde9a691a81600f6c710506ab2b9409db23980c06bbd83a6154e8e7b5a9f471b0e8ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 78f96ffeb1b16007b48ed38667eee1ee |
| SHA1 | a6988df3867c719dd677c4c4d4aee2e0695ce656 |
| SHA256 | 46eb95460629ac1192cd53baab530b2ac9179b9bd684478e620d2b85a36e2bb4 |
| SHA512 | 3a1d1d4583040dc198b36a9d7774736142282f962f760042a51e81897a564b8402f6abcabb3c8e14c8bb7ae8b892b3bc0f4c7c07d0833dcb6cec2c91db1ddb96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 9fcd00c04bc59f2ab39d8890979656e9 |
| SHA1 | 66e4ef27f7803a5777189689aa58fc708d2d0ce5 |
| SHA256 | 12e4aeba100b3b19252b0f1aeee2c50d9c0cfbd6ae5487512aa58a5cafa91982 |
| SHA512 | 172e3bd12f95a3922971570dba7d2649c0bd0df8238a902a30df69a9004c542421a6094e8b307435b454e5ee46a0fd15b15d3193b378305d115351f825024723 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2362c9b6-6b96-4162-bae7-45adc240c1da.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 94860ce8beb93aae9c67003bb8e3fd8f |
| SHA1 | d9e9d5d425234d2155bfa4a4a774d56ad972eac6 |
| SHA256 | cd4d2e93d5933fc4106e92d26c64c6078d7643de114b044d570d62af56805627 |
| SHA512 | e6bcc4bb87a9d4b64690b6802af082802f59eccb499c6b31b48ed7c4754a3450f98a7df895b5dc8d7ff476b08352cb3b800377a6053fe3e3246961ee46df9923 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 834cf9ac906d4c23e8d5a029fff5e61f |
| SHA1 | 2046b9c590b3c3e982ca35b8d16241d636e75627 |
| SHA256 | 9cf1c25c46eee67e38d60b65539391d72dedfd5900488b04915af325d46f87b2 |
| SHA512 | 8f7f30b5b045f4aab3377100da49f8840482c81a8845a207d1d7ac8c23e64dfef791b4ede576d7a52a377c1c11711d432f6a03f1a28bd7a026500cbc4777f67b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 024c467f2efe1b5436c3cc7a61ab3075 |
| SHA1 | 37ceb7d235b9f9c03e3f58ec900a4924469044a8 |
| SHA256 | bf1df5963ab834b5ec12ae57d6c1f6dfe38fef68d6c1d1baf2f56ae19cee4df4 |
| SHA512 | 3fd1f338afa6eb50e3bbd84409f45fb96cc0f9c9ae83e14fe96075dad11c6b09c4a66335b4b3c23339411ac468821dd01b2d44b4a00af2644d776f7aaea251d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8ea4187f1d9e02eb701c596bdacd678 |
| SHA1 | 54abf83767df054f4dad2650d9d346ada1abdf3b |
| SHA256 | ed7c4eeb4e2bf5c9c675a0a74ce30445b032d936100a573fa3db80b1518e7c7b |
| SHA512 | 08cc0fe292db1ae8a76cb0e514b5290996bb4b4ecd5ff26c2b980906e8435595c89a092b55539f92a505a5d2860a4864a56b2c536447118a3d3892125f684a14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ae6fb2542480473c50672e2e2db0d26e |
| SHA1 | ba2385322e0999925e9e67cd18cc471cedd8ceb7 |
| SHA256 | 950a65f6666a68c476a9cf61ec8203b76299c5d2ca6a90c4ddbc1705e1c5870f |
| SHA512 | aa2df8e10933f6c9b2c3a536f5db4642e7e3d3d96bc2c6a1c03f43548ed939895682beb343081884fa6dccd4a5a6994d16c9921451c55c876006dec7fbd58ac6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5c9d05d93fc08a83b64b28531185dc45 |
| SHA1 | ab27bc4a102b508c97febd866b52f63cbde6d0ac |
| SHA256 | 491e37e486dd23de5b18b3878a5ec027848127b9047ccbb86fbea0f965a04aa6 |
| SHA512 | 5c4e8458d6a51bff8973dcefdb8d6f94be63a533fa48ed169e6ef47990d3d8b611f3230bf371b95a884102936695c5ab0c99810fac3ab963f29b3aac16819ba1 |
C:\Users\Admin\AppData\Local\Temp\MSIBD6.tmp
| MD5 | be8c065b21d74f889136049761d8a3f3 |
| SHA1 | d3a03a826102ccd3c23bcbef9d4a9cb5ae66119a |
| SHA256 | c4f80a77217c2dfba6e5c2208c1631ee1c02b2f0d9888dd2368aeaa20af4e793 |
| SHA512 | 7e087b61f3a86f3c562b818b30cde9341b84e45ba89bfc04ae00852614fa3fe54a73f50d2b9bee883958fa8f437272883eeb416746dd9a9385ce44c1004f8596 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 20c630fc6ec61ce3cac4d493ba7095c2 |
| SHA1 | bc62ad083e3916aea9e586a172eb81c311bf467d |
| SHA256 | 6826ccdbbe31b807aed041311471d58ae8ce39b698eeb0166e90fedfb9bb9159 |
| SHA512 | de148a7d270719531c4f81af1d52c4a17539819ccb5e9d67bcf34ebc46fb7767fa26df1b1bc739e6c58835e7fe7e01d8446ceec1f537006b0d8fb94900c49244 |
C:\Windows\System32\DRVSTORE\VBoxSup_A787ABFD625D24C81859933DF75DB4CB1D1DB543\VBoxSup.sys
| MD5 | 3fc301253dad6e9b5aeb9c16b8425900 |
| SHA1 | b97de5c3b246d91ae2d7d811f9fcaf1eed927c4a |
| SHA256 | 30ec978da9660b5b97b7c5f3da8f8b7e0fbd0d71233bf9db2a97942f1cb4da5a |
| SHA512 | 5491bd430b5d3f61340454eed34b948d477575b07e1bf92035dde6d5bd7a0bf70f3e90068ff29d14d5406c08935f56be56c3419989146b53ebeec85a4880626b |
C:\Windows\System32\DRVSTORE\VBoxUSBMon_3FFAF57859D7F88D95E7F2E24CAA859EAE571CD7\VBoxUSBMon.sys
| MD5 | f844ae6bd2b1828097a67baa599f2c87 |
| SHA1 | 5a748018d31f8bae1bd4ae5c8d0b789ff5ea3d57 |
| SHA256 | c7b70d26de2badde1b2733e30041b41dc88a23f85b7f38fbce44f748787803c1 |
| SHA512 | 10925e588ac0af3df3660bdab643c643dbbd192e55f5c5f1b2d7bbe96dd70bdc5264a43bf8217015eb1437f04c21a1b59dd536a4e28f5ded448a5e1385f0cc63 |
C:\Windows\Installer\MSI6635.tmp
| MD5 | 8deb7d2f91c7392925718b3ba0aade22 |
| SHA1 | fc8e9b10c83e16eb0af1b6f10128f5c37b389682 |
| SHA256 | cb42fac1aebb6e1ac4907a38035b218b5f992d1bcd4dece11b1664a588e876e4 |
| SHA512 | 37f2c132b632c8e5a336bdc773d953c7f39872b1bae2ba34fbaf7794a477fd0dcb9ff60a3ddb447fe76abd98e557bd5ee544876584adea152b0841b3e313054c |
C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\VBoxUSB.inf
| MD5 | 3e055710fe99d15c831a4e481bfed456 |
| SHA1 | cb320b453695318ad977881b79a1be042629f712 |
| SHA256 | 0751a6450b0241dddeef854f5e020ff27a6e470d49e00cb8a286014a235b3769 |
| SHA512 | 29bf05414a00f6f6304b3d4337e3f5a0a159490d8414b556697ee0af03b0425ead3a14dcff30f2522f795923b7d4e3b44fc3283654bcd0411c1c21bbc1847cee |
C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\VBoxUSB.cat
| MD5 | 1ecc55653b3ba5ba2c2fe372caf5ba42 |
| SHA1 | 7059b0ddd0d35f51e74de2b967d5e418705c4d0d |
| SHA256 | ddf448e0c52ed0d0f85aaeff603669c0b4e232503d311987a5581518b7c333d1 |
| SHA512 | 3fc0e0b60eda19e7a0b93bc57ec9c865bee3d88e2a472a4beaed247cc8bd9e4182e0858c4693a9feadc43ebb4466b5447dcd17c66841daad04f4ea3b75ec8dc5 |
C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\VBoxUSB.sys
| MD5 | 9e90bbd316496fa29989b05b71358ecf |
| SHA1 | 60f917e7c1c9f86a178e4ed8dbb00d8422af7a1e |
| SHA256 | 7eb8952d0ecff00298289971dd7466dd68e6fa0f8c013ac44534dcc287c53d85 |
| SHA512 | 694f473c1a80974771d523ea43436b7b402872831dcd273f72467848b3b67f9098135926cdce9206add539fd32f2e7a19c3216ee337155f68190bda614dc092a |
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
| MD5 | 444a17ac5b31830666353df862b468cd |
| SHA1 | 9504a68af7bb1db32b81aaa14cd92050dab2920b |
| SHA256 | 3dcb11a7f0a3e7b3e7631b863ffe0b35de96547d2171a128d58678a922186873 |
| SHA512 | be96145077e9f151c6ee0d3a349f532a654dd4e5a7fe3098b606246acc57d016b1e5f92b263e62fabeead4dcf397dd9cb97f0713b564fe54cfa711580d20c115 |
C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\VBoxNetAdp6.inf
| MD5 | 41b7e48a0f5dc49758c40c7307f11903 |
| SHA1 | 97bcfef97ad5dd8bdb7b04824b98cfff9e3d6775 |
| SHA256 | 150a5b91b0c03ca9c0d804115c170bbb94306868c1407a18d7cc7981ebe2a178 |
| SHA512 | e141ceed32a5174747d9c7c0e813fc8e6c79f41769c0e73a00ff1f259603bbdf44df4166b17f3cf004ebb73129ec1ac1b227bdcee70a4068bd5079f8bfbb642b |
C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\VBoxNetAdp6.cat
| MD5 | e85f56e39bff15eb90c843ce6d89edec |
| SHA1 | 22d646525834c2a9eafa99f845c1e17c6d1cf920 |
| SHA256 | 125a51d8b2f3737176db37c01d170eee805063669240a27d1aa71f11bdfcf31e |
| SHA512 | 12b9772ce06911a2a3735c1b639f2bd6e16d93ba15853d26270a6b9596fee7bd0c017efc4e6aa8945b8cac6670a5b19aa1211991d3efb0558c2155d6ef35bc81 |
C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\VBoxNetAdp6.sys
| MD5 | 95f0ba193042eb22e5afe458d1d2df1a |
| SHA1 | a6b013f7ef8b69ade12e325ab9f4e8c02bfcf2f0 |
| SHA256 | 3513b3902150ba67ba9a8bc25203e572f785a25d9a70bd6b384e3b5b7ad8d87a |
| SHA512 | 3a395a5787b196de3c84822342f9f881c416b595f06470cfbb5861e1edd00dcbbc96d15ea9d5b137ed6490f4203db390a1e44b83d0ed75f8504f2fed59901866 |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | 8a4b7168dab6fbc4c80dfe1eeed71f82 |
| SHA1 | 834ff7cb5b6bb790f64a00003e1c389c482a1978 |
| SHA256 | ea07c2e4bdc7077a65d7ae359887c7dd348757782890767f705081316f959700 |
| SHA512 | 2c8a1a3d5de5f3d242ab4884da566f7bbe0048010aaa4839f0c1cb8f16a28cda97c0ade449fdb5515ec0b995ee5198abec68c9245c1ad63216c7adab2dc03698 |
C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\VBoxNetLwf.inf
| MD5 | d01e2328edd5ff970588603b9c0198ed |
| SHA1 | e999593c760ac94189f0b2ad171d99f4922a072c |
| SHA256 | f02b8df318c50cc4f465581c8936c11591f6e8e8084c23ac3c1aeff52c55df1d |
| SHA512 | 9d5993e27c52adecb563b64b99b2ec511977a7491c1e3c314fd9dca5152d7f8fba7aef8e3b60eaa1810c35237e13554d70c259f81094c0cbf470f959c4330b9b |
C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\VBoxNetLwf.cat
| MD5 | ed86a6e61d2f4678c88868dd73ca33cf |
| SHA1 | 31a61d0216b4e4a0a2b87744838868c1673402e6 |
| SHA256 | 988482c43a2eac4fd63c9be31d6dd21b5346d5b0adf260afcfe9516dcf243bfe |
| SHA512 | 359477ad3d0f98c4ea99f3236ad10f4b6ceb19bd59df1d5b394a195d5f67de71f24f7ef19a33733998a403b266696703fb16b21f9e206bcd56b30b1b99851434 |
C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\VBoxNetLwf.sys
| MD5 | 76d8ff9f293bdd5a5c53a50940356538 |
| SHA1 | b30eb13f79967f01ebe1f502dec29817bfd629ed |
| SHA256 | c7e49444f83849ca1c67444ab1339e0fe355dc68cdfd3e1688006d9a46c01c56 |
| SHA512 | 3ad4f4f7a9256af92acb70dfc5135bc26394b2a96f35ba08d30009ba781d3e624b85253e9f4f72c6401a83e03a3ae1071ad377c3ae655be1ae11b5df8c7bdeb7 |
C:\Config.Msi\e5b5234.rbs
| MD5 | 340e6b69eec9793ed175b73ea5852e1e |
| SHA1 | 9a55ba5fa1156889da4c81bc2d1de04397fd1527 |
| SHA256 | 8d46e5ec009c9046519f66ddd12ea7384a87b8dbdead3e88e59a02e0c634d823 |
| SHA512 | 230690e554ec5adda59358f5b6fd282bf67e6771487385ff09cc2c7ea94223e84e28c96d728a70775057829d5a81d698ee56a2046b18f394fd9331f5d2664b44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 87e6f72f92f0fde81f0075b523c4ba25 |
| SHA1 | 157c1ee6c1fcdd36edfe5e4bd657ab57da8dbd1e |
| SHA256 | e8762bbcff1ab3f632991f2861c1e103df07a14ac207a2d9529388629b626781 |
| SHA512 | 15f90361212ce988241863c1a831812adda25b8cef4c8604ebd8dd700b098bb7928b4aed165827c4b6f22522ecf6d767ad28f4eaf61a9ee40d00416bc3c4a984 |
memory/3104-2300-0x00007FF717E50000-0x00007FF7180D4000-memory.dmp
memory/3104-2301-0x00007FFCD35E0000-0x00007FFCD3B21000-memory.dmp
memory/3104-2302-0x00007FFCCE970000-0x00007FFCD054E000-memory.dmp
C:\Users\Admin\.VirtualBox\VirtualBox.xml
| MD5 | d9d28bd2ef7192fb0efb99607d7a0807 |
| SHA1 | 7fb6f32f1c0f227118613dd7779e1bf0a6e2ce4a |
| SHA256 | dad710b076d96b3de34a58363a3241935bfe205b7240ce57f9d85bf2058e6dd5 |
| SHA512 | e058987d5fd8ea6cd3c3081c7ac45ce1e3719c4a38b46390133b19539fad35a0d8ad699023a3d934d18e3356cb6def62bd197b5a32ad496b620469c55d9efb13 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-06 18:53
Reported
2024-11-06 18:58
Platform
win10ltsc2021-20241023-en
Max time kernel
242s
Max time network
276s
Command Line
Signatures
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\be52ecba-19de-4ca3-95e2-7d6d25d2a005.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241106185351.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff903a346f8,0x7ff903a34708,0x7ff903a34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff644815460,0x7ff644815470,0x7ff644815480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | itch.io | udp |
| US | 45.79.115.66:80 | itch.io | tcp |
| US | 45.79.115.66:80 | itch.io | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.115.79.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | static.itch.io | udp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| US | 8.8.8.8:53 | img.itch.zone | udp |
| GB | 2.19.117.28:443 | img.itch.zone | tcp |
| US | 104.26.9.198:443 | static.itch.io | tcp |
| GB | 2.19.117.28:443 | img.itch.zone | tcp |
| GB | 2.19.117.28:443 | img.itch.zone | tcp |
| GB | 2.19.117.28:443 | img.itch.zone | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 45.79.115.66:443 | itch.io | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 28.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.109.69.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 78bc0ec5146f28b496567487b9233baf |
| SHA1 | 4b1794d6cbe18501a7745d9559aa91d0cb2a19c1 |
| SHA256 | f5e3afb09ca12cd22dd69c753ea12e85e9bf369df29e2b23e0149e16f946f109 |
| SHA512 | 0561cbabde95e6b949f46deda7389fbe52c87bedeb520b88764f1020d42aa2c06adee63a7d416aad2b85dc332e6b6d2d045185c65ec8c2c60beac1f072ca184a |
\??\pipe\LOCAL\crashpad_2032_MURVCPUIXECJSDPC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a134f1844e0964bb17172c44ded4030f |
| SHA1 | 853de9d2c79d58138933a0b8cf76738e4b951d7e |
| SHA256 | 50f5a3aaba6fcbddddec498e157e3341f432998c698b96a4181f1c0239176589 |
| SHA512 | c124952f29503922dce11cf04c863966ac31f4445304c1412d584761f90f7964f3a150e32d95c1927442d4fa73549c67757a26d50a9995e14b96787df28f18b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a394868a-b801-4ed8-be05-3ae19c692c1f.tmp
| MD5 | df60a8491a1139cf8d583c51a0122a0b |
| SHA1 | 8dfe060b5da81702a4ce4e302382e92a7f3b908c |
| SHA256 | a679f8576757538100989be1948cfa6ff8f18ea2c27237e3e0c9c63536626c31 |
| SHA512 | 6300a58321e91301fa9d5663011cbcc44fedb1aabf2decf2defdc1a43f62891fb723f2b838e500866c513bd7433ab55f4698976837b5d7f399c90d53e8632bec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 9010fe212d7da97a4e9cf63a903ee7a4 |
| SHA1 | 8f124a736d045eea3c50a9597d18c9af8b128e28 |
| SHA256 | c2956b77f9af9f4d79e0198d8a7e0a5b6f880b4d597dfeee25a3f56c05d11834 |
| SHA512 | f763ab3261592107fb19b7d6134c7f4d02e921258b1c72f1e0c69a95ee8ed9cc20498259a279cca9648bbd213a5234b965a9196865d465e1f975ee9242e36326 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 5b1f94087dd3cc156fe156f6272f7f03 |
| SHA1 | b220bf41f7a5d6caa5489dd3c35407c90bd4ae62 |
| SHA256 | 71c0b8c37a47ec2cabd6c588a78126399f498da8addb9071ed5258743501ad77 |
| SHA512 | a1545a4e938fddc2b8a9c6387b579e00a29a1b1817fc186acffbac7f130ff2d07eeef81176df81f727a0d6b29ab90595207363f283a78b9839838e346b48c9cb |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a327a7ba8227f36016b1657f6761183f |
| SHA1 | c0b28715ea43898e546e27d792e0d016c8255c0b |
| SHA256 | d90cd37329ce4ce9e642f85b954d170f561005901f765ebd01e4664dee3adc25 |
| SHA512 | d0e5f9e155558a38ddf959dc22892e9ad0432b6cfefa7c24bad538ce185b47a8bf43eb2fd76c8a06fd0c1de2adcbfacacb1d66f5ea38f5cb29a831df58a8a82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 91a059dc9cd580d40aa73c76376c0870 |
| SHA1 | 2a9f64f4504ba2567744d22ecc315891d25c20d5 |
| SHA256 | d44a988e76fee10b4fed0c56d19828c69fa09c3a7ebbf1731edafbb8382ce313 |
| SHA512 | af4778de2c76be3ced53c8873b35bce91d69c67cf3d0b260cb29792c04a095872c05fca5e0781163f98f9721e21aa1418800c6ced8bcbf4a7b15b16c586414c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb8ec331e5a002bed95b2f628e82bd4b |
| SHA1 | 22a5379fea8dfbf6e3e35a9632c6b2422575f154 |
| SHA256 | dac660ad0d9afd09baf36512e21ec696155cb0e17d5bddd56cc4c8c5b254c710 |
| SHA512 | 436e6e3eb5a0366db56edfe1ec0b2273962669a3ed7c2c8ea7d2f97442637b9a83bc7fb9f3f198643049da7e40cea1e2abeada916b977de2e9617944d12f1ebc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 21320325bdfc20c6f4e4d136228fc9c5 |
| SHA1 | 7e96950811d7ddbc1daeb7341ddb9768980bf2b5 |
| SHA256 | 5e7ac2b978206a07d8b1841a2bd89eae4b466bcd8a0df3a62ae2ca0439b8bd5e |
| SHA512 | ee78316d5b8edffdc83e3431bdbd28ae05a481d2a445ddf3b7c58bf0f01c6c42aead46a4d91e7fc75519a5ca8a7e2bab78749d88476c7a2fa0a25e8b3592bd43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ea1db5be497599171ae2d4b2e5473d58 |
| SHA1 | 5bec91520b57727ee3e5d6f4dd5c1050a2d2a283 |
| SHA256 | 9186723e4836a1c850fdde8bd582eae0d441931e50044e3cb1f09c9ff6fc86e6 |
| SHA512 | b773ba738d264257befdce695f0e2597feb8aee081a7970ca2d8b0e60ec85014f8ebb747cecaf607950b033f860609e52f9aa9b2fa9e0c497081ffacbf2ab45a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dbf794b766490d6e5c00ab95f767f7f3 |
| SHA1 | 30df6b23f6bd61be801ed7f341050512d35c5888 |
| SHA256 | 33dfc8bb252d57c4095c2dae316abc702339ba2daa5022b1ac18c7256dc23339 |
| SHA512 | ec2de7503aa3d33f1bc173b08844cbf7b40c502b2aafe0ffac0144c508fb1e99c374d91381ae12546df76ac8d5ff17efc4a561f9cf52fee84c89deec688a8256 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e2d5d01b37a7567d574102664521808b |
| SHA1 | 54afc158490ac831ccf253044047cb82eefe2772 |
| SHA256 | 7b7947ec7eaa59621a7b1c73ecf2c7b03eb71ca92d9d0f30b475a1468d0ee8c4 |
| SHA512 | b94f302ffbd433524d8950e0660ec0172193f64701fa66a5d63f81708f4c198990a5fcd72a85e691a2efaa5b0111ef4d6a820cea7f3cd6780f6db79b6ef5c337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 873e1d29c8ea6248a96397609b11a3eb |
| SHA1 | f952aa412239ef837575ba7e726b4973b6bc26a9 |
| SHA256 | 7c3345261d65ee9218069725307b9b0de3a4c4183884aaef10ca22567507d725 |
| SHA512 | 97705631552ef7ac7e2bc8a980036666c8325a9cd14d23542fb0403b39cdd05a8a6179a9566e67117103ec4d90074b7022aedf1a2efda4ffe4ebe37bd8dd3286 |