Malware Analysis Report

2025-01-18 23:59

Sample ID 241106-xjw7qswekk
Target http://itch.io
Tags
steam discovery persistence phishing privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The submitted target http://itch.io is a URL; it was opened in Microsoft Edge for the behavioural run below, and that run was classified: Likely malicious.

Read the score against the evidence in behavioral1 before acting on it. The driver, System32, Program Files and privilege indicators there come from C:\Windows\System32\MsiExec.exe, C:\Windows\system32\DrvInst.exe and C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe writing VBoxSup.sys, VBoxUSBMon.sys, VBoxNetAdp6.sys and VBoxNetLwf.sys into the Drivers directory and DriverStore and populating C:\Program Files\Oracle\VirtualBox\. That is what an Oracle VirtualBox installation looks like, and a kernel-driver installer of any origin trips the driver-drop, LoadsDriver and AdjustPrivilegeToken signatures. The report does not show how that installer got from http://itch.io into Downloads, nor whether it is the genuine Oracle build; checking the Authenticode signature on the downloaded .exe and on the dropped .sys/.cat pairs is the step that decides whether the verdict stands.

Malicious Activity Summary

steam discovery persistence phishing privilege_escalation

Downloads MZ/PE file

Drops file in Drivers directory

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Enumerates connected drives

Detected potential entity reuse from brand STEAM.

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: LoadsDriver

Suspicious behavior: AddClipboardFormatListener

Uses Volume Shadow Copy service COM API

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

NTFS ADS

Enumerates system info in registry

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-06 18:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-06 18:53

Reported

2024-11-06 18:58

Platform

win10v2004-20241007-en

Max time kernel

288s

Max time network

290s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io

Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\DRIVERS\SET7B47.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET82CA.tmp C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET82CA.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxNetLwf.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET64A2.tmp C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET65FA.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxUSBMon.sys C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET7B47.tmp C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET64A2.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxSup.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET65FA.tmp C:\Windows\System32\MsiExec.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe N/A
N/A N/A C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
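The two tables above are flat "Description Indicator Process Target" rows in which both the description and the paths contain spaces, so they do not split on whitespace. The following script, an added example and not the sandbox's own code, parses an excerpt of those rows (copied from the Drivers-directory and drive-enumeration tables; constructed sample, not the full tables) and re-derives the two signatures from them: which process wrote into a driver directory, and which drive letters each process probed through \??\X: opens. The DRIVER_DIRS list, the MIN_LETTERS threshold and the lower-cased grouping of process paths are this example's assumptions, not the sandbox's published rules.

```python
"""Re-derive two of this report's behavioural signatures from its own indicator
rows.  Added example, not the sandbox's code: ROWS is an excerpt copied from the
"Drops file in Drivers directory" and "Enumerates connected drives" tables;
DRIVER_DIRS and MIN_LETTERS are assumptions made for this example."""
import re
import string
from collections import defaultdict

# Description prefixes used by the report, longest first so that
# "File opened for modification" is never mistaken for a shorter prefix.
DESCRIPTIONS = ("File opened for modification", "File opened (read-only)", "File created",
                "Key value queried", "Key queried", "Key opened", "Set value (data)")

# Locations only a driver installer should write to (assumption, lower-cased).
DRIVER_DIRS = ("\\windows\\system32\\drivers\\", "\\windows\\system32\\driverstore\\",
               "\\windows\\system32\\drvstore\\")
MIN_LETTERS = 8  # assumed: probing this many \??\X: paths counts as a drive sweep
DRIVE_RE = re.compile(r"^\\\?\?\\([A-Z]):$")  # indicator of the form \??\K:

ROWS = r"""
File opened for modification C:\Windows\system32\DRIVERS\SET7B47.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET82CA.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxNetLwf.sys C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET65FA.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxUSBMon.sys C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRIVERS\SET64A2.tmp C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\VBoxSup.sys C:\Windows\System32\MsiExec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
""".strip().splitlines()


def parse_row(line):
    """Split one 'Description Indicator Process Target' row of the report.
    Descriptions and paths both contain spaces, so the split is anchored on the
    known description prefixes and on the last ' C:\\' that starts the process."""
    for desc in DESCRIPTIONS:
        if line.startswith(desc + " "):
            rest = line[len(desc) + 1:]
            break
    else:
        raise ValueError(f"unknown description prefix: {line!r}")
    rest, target = rest.rsplit(" ", 1)  # target is a single token (N/A throughout)
    cut = rest.rfind(" C:\\")
    if cut < 0:
        raise ValueError(f"no process path found: {line!r}")
    return {"description": desc, "indicator": rest[:cut],
            "process": rest[cut + 1:], "target": target}


def parsed_rows():
    return [parse_row(line) for line in ROWS]


def driver_dir_writers(rows):
    """Map each process (lower-cased path) to the driver-directory files it created
    or opened for write.  A benign installer staging VBox*.sys looks identical here
    to a malicious driver drop, so a hit means: check who signed the .sys/.cat pair."""
    hits = defaultdict(list)
    for r in rows:
        if r["description"] not in ("File created", "File opened for modification"):
            continue
        if any(d in r["indicator"].lower() for d in DRIVER_DIRS):
            hits[r["process"].lower()].append(r["indicator"])
    return {p: sorted(v) for p, v in hits.items()}


def drive_sweep(rows):
    """Per process: the drive letters probed through \\??\\X: opens, the letters never
    probed (compare them with the drives actually present in the sandbox), and
    whether the count crosses the assumed enumeration threshold."""
    seen = defaultdict(set)
    for r in rows:
        m = DRIVE_RE.match(r["indicator"])
        if m and r["description"] == "File opened (read-only)":
            seen[r["process"].lower()].add(m.group(1))
    return {p: {"probed": "".join(sorted(s)),
                "not_probed": "".join(c for c in string.ascii_uppercase if c not in s),
                "flagged": len(s) >= MIN_LETTERS}
            for p, s in seen.items()}


if __name__ == "__main__":
    rows = parsed_rows()
    for proc, files in driver_dir_writers(rows).items():
        print(f"{proc}: {len(files)} driver-directory writes, e.g. {files[-1]}")
    for proc, info in drive_sweep(rows).items():
        print(f"{proc}: probed {info['probed']} (never {info['not_probed']}) flagged={info['flagged']}")
```

On the excerpt both msiexec.exe and the VirtualBox installer probe nine letters each and are flagged; on the full table above each process opens every letter except C:, D: and F:, which is the usual shape of a drive sweep that skips volumes it already knows by name.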

Detected potential entity reuse from brand STEAM.

phishing steam

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ndiscap.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\VBoxUSB.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F6.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B5.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A5F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\c_netservice.PNF C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRVSTORE\VBoxUSBMon_3FFAF57859D7F88D95E7F2E24CAA859EAE571CD7\VBoxUSBMon.cat C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\VBoxUSB.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\VBoxNetLwf.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\netnb.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\VBoxNetAdp6.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\VBoxNetLwf.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\VBoxNetAdp6.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A5F.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_51425bb36ecf3729\vboxnetlwf.PNF C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRVSTORE\VBoxSup_A787ABFD625D24C81859933DF75DB4CB1D1DB543\VBoxSup.cat C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B7.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_2faa3f0a43645fa9\VBoxUSB.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_2faa3f0a43645fa9\VBoxUSB.PNF C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Roaming\VirtualBox\VBoxSDS.log C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRVSTORE\VBoxUSBMon_3FFAF57859D7F88D95E7F2E24CAA859EAE571CD7\VBoxUSBMon.sys C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A4E.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F5.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_51425bb36ecf3729\VBoxNetLwf.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B5.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B7.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_3abcb7c1789f91b3\VBoxNetAdp6.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_51425bb36ecf3729\VBoxNetLwf.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A3D.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A4E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_3abcb7c1789f91b3\VBoxNetAdp6.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F5.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DRVSTORE\VBoxSup_A787ABFD625D24C81859933DF75DB4CB1D1DB543\VBoxSup.sys C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B6.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_2faa3f0a43645fa9\VBoxUSB.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRVSTORE\VBoxSup_A787ABFD625D24C81859933DF75DB4CB1D1DB543\VBoxSup.inf C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\VBoxUSB.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_2faa3f0a43645fa9\VBoxUSB.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4a6ce11b-7bdf-624f-bc89-9f4d56c9f73b}\SET7A3D.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxnetadp6.inf_amd64_3abcb7c1789f91b3\VBoxNetAdp6.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\vboxnetlwf.inf_amd64_51425bb36ecf3729\VBoxNetLwf.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\system32\DRVSTORE\VBoxUSBMon_3FFAF57859D7F88D95E7F2E24CAA859EAE571CD7\VBoxUSBMon.inf C:\Windows\System32\MsiExec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{179c419b-7cea-494b-9249-62cda04026fa}\SET66B6.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F4.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F6.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\SET80F4.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ddd41746-10a2-ae43-90a0-18ee3d566b33}\VBoxNetLwf.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\DRVSTORE\VBoxSup_A787ABFD625D24C81859933DF75DB4CB1D1DB543\VBoxSup.inf C:\Windows\System32\MsiExec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_preseed.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\Qt5WinExtrasVBox.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_fr.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_sk.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\redhat67_ks.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxCAPI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_cs.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_de.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_el.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ka.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxManage.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyle.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VirtualBox.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_id.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_en.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_uk.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\rhel4_ks.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\debian_postinstall.sh C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxDbg.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxExtPackHelperApp.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\x86\VBoxRT-x86.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VirtualBox_150px.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_cs.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\fedora_ks.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\platforms\qminimal.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\platforms\qoffscreen.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_th.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxAuthSimple.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_it.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\os2_util.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_it.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\redhat_postinstall.sh C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\License_en_US.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VMMR0.r0 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_sl.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ko.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_zh_CN.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_zh_TW.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxBugReport.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_ca.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_eu.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_hu.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_ja.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_ko.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UnattendedTemplates\ubuntu_preseed.cfg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\UserManual.qhc C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxRes.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\qt_ka.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\VBoxNetNAT.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Oracle\VirtualBox\nls\VirtualBox_da.qm C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI565E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6578.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\{E2684146-FB9D-49EC-959F-C4DBAFE50B6C}\IconVirtualBox C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI80A5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8356.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\{E2684146-FB9D-49EC-959F-C4DBAFE50B6C}\IconVirtualBox C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b5235.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI79CD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\oem5.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI84B0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI55FE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5E61.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\oem0.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5EA0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6400.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI8075.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem2.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\e5b5233.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI5541.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI55DE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI561E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{E2684146-FB9D-49EC-959F-C4DBAFE50B6C} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI58F1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\oem1.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI8460.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b5233.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6635.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI56CC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5873.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File created C:\Windows\INF\oem3.PNF C:\Windows\System32\MsiExec.exe N/A
File opened for modification C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\System32\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = [binary value omitted] C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Windows\System32\MsiExec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "59" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D947ADF5-4022-DC80-5535-6FB116815604}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AD47AD09-787B-44AB-B343-A082A3F2DFB1}\ProxyStubClsid32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{3BA329DC-659C-488B-835C-4ECA7AE71C6C}\NumMethods C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B79DE686-EABD-4FA6-960A-F1756C99EA1C}\NumMethods\ = "14" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{806DA61B-6679-422A-B629-51B06B0C6D93}\NumMethods C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{45587218-4289-EF4E-8E6A-E5B07816B631}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A54D9CCA-F23F-11EA-9755-EFD0F1F792D9}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7569351-1750-46F0-936E-BD127D5BC264}\1.3 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{327E3C00-EE61-462F-AED3-0DFF6CBF9904}\NumMethods C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{A0BAD6DF-D612-47D3-89D4-DB3992533948}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{08889892-1EC6-4883-801D-77F56CFD0103}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7682D5EB-F00E-44F1-8CA2-99D08B1CD607}\ = "IVirtualBox" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ADF292B0-92C9-4A77-9D35-E058B39FE0B9}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC68370C-8A02-45F3-A07D-A67AA72756AA}\NumMethods\ = "33" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{3C02F46D-C9D2-4F11-A384-53F0CF917214}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F05D7E60-1BCF-4218-9807-04E036CC70F1}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{813C99FC-9849-4F47-813E-24A75DC85615} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C984D15F-E191-400B-840E-970F3DAD7296} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97C78FCD-D4FC-485F-8613-5AF88BFCFCDC}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A85BBA40-1B93-47BB-B125-DEC708C30FC0}\ = "IProgressCreatedEvent" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{A3D2799E-D3AD-4F73-91EF-7D839689F6D6}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{C1844087-EC6B-488D-AFBB-C90F6452A04B}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97c78fcd-d4fc-485f-8613-5af88bfcfcdc} C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{35CF4B3F-4453-4F3E-C9B8-5686939C80B6} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6414862ED9BFCE9459F94CBDFA5EB0C6\VBoxNetworkAdp = "VBoxNetwork" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A06253A7-DCD2-44E3-8689-9C9C4B6B6234}\ProxyStubClsid32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{35CF4B3F-4453-4F3E-C9B8-5686939C80B6}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD3FC71D-26C0-4FE1-BF6F-67F633265BBA}\AppID = "{819B4D85-9CEE-493C-B6FC-64FFE759B3C9}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{232E9151-AE84-4B8E-B0F3-5C20C35CAAC9}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F302674-C927-11E7-B788-33C248E71FC7}\NumMethods\ = "15" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\progId_VirtualBox.Shell.hdd C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3DB2AB1A-6CF7-42F1-8BF5-E1C0553E0B30}\TypeLib\Version = "1.3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7191CF38-3E8A-11E9-825C-AB7B2CABCE23}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CB6F0F2C-8384-11E9-921D-8B984E28A686}\TypeLib\Version = "1.3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5BBDB7D-8CE7-469F-A4C2-6476F581FF72}\ProxyStubClsid32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{FA43579A-2272-47C4-A443-9713F19A902F} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1D978B8-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32\ = "{0BB3B78C-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37FE88F-0979-486C-BAA1-3ABB144DC82D}\ProxyStubClsid32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{806DA61B-6679-422A-B629-51B06B0C6D93}\NumMethods\ = "15" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{E062A915-3CF5-4C0A-BC90-9B8D4CC94D89}\NumMethods C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA05E40C-CB31-423B-B3B7-A5B19300F40C}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{CF11D345-0241-4EA9-AC4C-C69ED3D674E3}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F692806F-FEBE-4049-B476-1292A8E45B09}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E8D3F27-B45C-48AE-8B36-D35E83D207AA}\NumMethods\ = "24" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DDEF35E-4737-457B-99FC-BC52C851A44F}\NumMethods\ = "15" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{714A3EEF-799A-4489-86CD-FE8E45B2FF8E}\ = "ISessionStateChangedEvent" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B55CF856-1F8B-4692-ABB4-462429FAE5E9}\ = "IDnDModeChangedEvent" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0FE2DA40-5637-472A-9736-72019EABD7DE}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{5155BFD3-7BA7-45A8-B26D-C91AE3754E37}\NumMethods C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5748F794-48DF-438D-85EB-98FFD70D18C9}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6AC83D89-6EE7-4E33-8AE6-B257B2E81BE8}\NumMethods\ = "61" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9128800F-762E-4120-871C-A2014234A607}\NumMethods\ = "23" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxSDS.1\ = "VirtualBoxSDS Class" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6414862ED9BFCE9459F94CBDFA5EB0C6\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01510F40-C196-4D26-B8DB-4C8C389F1F82}\ = "IVirtualSystemDescription" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0CA2ADBA-8F30-401B-A8CD-FE31DBE839C0}\NumMethods\ = "12" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83795A4C-FCE1-11EA-8A17-636028AE0BE2}\NumMethods\ = "14" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0BAD6DF-D612-47D3-89D4-DB3992533948}\ProxyStubClsid32 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46735DE7-F4C4-4020-A185-0D2881BCFA8B}\TypeLib\ = "{D7569351-1750-46F0-936E-BD127D5BC264}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{D134C6B6-4479-430D-BB73-68A452BA3E67} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6414862ED9BFCE9459F94CBDFA5EB0C6 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{08889892-1EC6-4883-801D-77F56CFD0103}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{DFA7E4F5-B4A4-44CE-85A8-127AC5EB59DC}\NumMethods C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{74AB5FFE-8726-4435-AA7E-876D705BCBA5}\LocalServer32 C:\Windows\system32\msiexec.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 552317.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A (2 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (14 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A (2 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (4 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A (2 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (2 identical rows)
N/A N/A C:\Windows\system32\msiexec.exe N/A (2 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Oracle\VirtualBox\VirtualBox.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A (4 identical rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (53 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (64 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (64 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3820 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 3820 wrote to memory of 4404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical rows)
PID 3820 wrote to memory of 1576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 3820 wrote to memory of 1132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical rows)

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88c46f8,0x7ffce88c4708,0x7ffce88c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,12314553580889619333,2875449537654458374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffce88c46f8,0x7ffce88c4708,0x7ffce88c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3312 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x464 0x474

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8619381254268267372,1879190871432820029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88c46f8,0x7ffce88c4708,0x7ffce88c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,1978857355390274093,8196536875865932400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8

C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe

"C:\Users\Admin\Downloads\VirtualBox-7.0.22-165102-Win.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding B36DE04F8B476D7D8BC77B5B144DBCA7 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 70B5CB0596C9B6DE448BA89488240102

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 44B8AC5F3F44157B9E0362224627E8F8

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding AF2773DF4E21E98EBD2911196274D43F E Global\MSI0000

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device\VBoxUSB.inf" "9" "48f6bcb47" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7A6ED3137EEBADC5720B5CAA8DC8B436 M Global\MSI0000

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000158" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "0000000000000168" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"

C:\Program Files\Oracle\VirtualBox\VirtualBox.exe

"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"

C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe

"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding

C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe

"C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa387c055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 itch.io udp
US 45.79.115.66:80 itch.io tcp
US 45.79.115.66:80 itch.io tcp
US 45.79.115.66:443 itch.io tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 66.115.79.45.in-addr.arpa udp
US 8.8.8.8:53 static.itch.io udp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 8.8.8.8:53 99.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 img.itch.zone udp
GB 2.19.117.28:443 img.itch.zone tcp
US 172.67.69.99:443 static.itch.io tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 28.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 45.79.115.66:443 itch.io tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 45.79.115.66:443 itch.io tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 2oo2.itch.io udp
US 45.79.115.66:443 2oo2.itch.io tcp
US 45.79.115.66:443 2oo2.itch.io tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
US 45.79.115.66:443 2oo2.itch.io tcp
US 45.79.115.66:443 2oo2.itch.io tcp
US 45.79.115.66:443 2oo2.itch.io tcp
GB 142.250.180.22:443 i.ytimg.com udp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.179.230:443 static.doubleclick.net tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 142.250.187.225:443 yt3.ggpht.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 js.stripe.com udp
FR 52.222.149.91:443 js.stripe.com tcp
US 8.8.8.8:53 91.149.222.52.in-addr.arpa udp
US 45.79.115.66:443 2oo2.itch.io tcp
US 8.8.8.8:53 itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com udp
US 162.159.140.238:443 itchio-mirror.cb031a832f44726753d6267436f3b414.r2.cloudflarestorage.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.140.159.162.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.200.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.169.217.172.in-addr.arpa udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 ads.eu.criteo.com udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
US 8.8.8.8:53 rtb.nl3.eu.criteo.com udp
NL 178.250.1.10:443 rtb.nl3.eu.criteo.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cat.nl3.eu.criteo.com udp
US 8.8.8.8:53 csm.eu.criteo.net udp
US 8.8.8.8:53 staticassets-creator-design.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.22:443 staticassets-creator-design.criteo.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 17.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 10.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 22.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 6.1.250.178.in-addr.arpa udp
GB 142.250.200.2:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.201.118:443 i.ytimg.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 118.201.58.216.in-addr.arpa udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
GB 172.217.16.238:443 play.google.com udp
US 45.79.115.66:443 2oo2.itch.io tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 45.79.115.66:443 2oo2.itch.io tcp
US 45.79.115.66:443 2oo2.itch.io tcp
GB 142.250.200.2:443 ep1.adtrafficquality.google udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 rtb.fr3.eu.criteo.com udp
NL 178.250.1.3:443 static.criteo.net tcp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
US 8.8.8.8:53 imageproxy.eu.criteo.net udp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 12.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 15.1.250.178.in-addr.arpa udp
GB 142.250.200.2:443 ep1.adtrafficquality.google udp
GB 92.123.128.179:443 www.bing.com tcp
GB 92.123.128.179:443 www.bing.com udp
US 8.8.8.8:53 179.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.158:443 th.bing.com tcp
GB 92.123.128.170:443 r.bing.com tcp
GB 92.123.128.170:443 r.bing.com tcp
GB 92.123.128.158:443 th.bing.com tcp
GB 92.123.128.170:443 r.bing.com udp
GB 92.123.128.170:443 r.bing.com udp
US 8.8.8.8:53 158.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 170.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.140:443 login.microsoftonline.com tcp
GB 92.123.128.158:443 th.bing.com udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 tse4.mm.bing.net udp
US 150.171.27.10:443 tse4.mm.bing.net tcp
US 150.171.27.10:443 tse4.mm.bing.net tcp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 216.21.192.23.in-addr.arpa udp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
GB 2.19.117.29:443 cdn.akamai.steamstatic.com tcp
GB 2.19.117.13:443 shared.akamai.steamstatic.com tcp
GB 2.19.117.13:443 shared.akamai.steamstatic.com tcp
GB 2.19.117.13:443 shared.akamai.steamstatic.com tcp
GB 2.19.117.13:443 shared.akamai.steamstatic.com tcp
GB 2.19.117.13:443 shared.akamai.steamstatic.com tcp
GB 2.19.117.13:443 shared.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 22.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 29.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 13.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 video.akamai.steamstatic.com udp
GB 2.19.117.35:443 video.akamai.steamstatic.com tcp
GB 2.19.117.35:443 video.akamai.steamstatic.com tcp
N/A 127.0.0.1:27060 tcp
US 8.8.8.8:53 35.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 api.steampowered.com udp
GB 104.124.170.33:443 api.steampowered.com tcp
GB 104.124.170.33:443 api.steampowered.com tcp
US 8.8.8.8:53 avatars.akamai.steamstatic.com udp
GB 2.19.117.16:443 avatars.akamai.steamstatic.com tcp
US 8.8.8.8:53 33.170.124.104.in-addr.arpa udp
US 8.8.8.8:53 16.117.19.2.in-addr.arpa udp
GB 2.19.117.22:443 store.akamai.steamstatic.com tcp
GB 104.124.170.33:443 api.steampowered.com tcp
US 8.8.8.8:53 help.steampowered.com udp
GB 104.124.170.33:443 help.steampowered.com tcp
GB 92.123.128.162:443 www.bing.com udp
US 8.8.8.8:53 162.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.181:443 th.bing.com udp
GB 92.123.128.144:443 r.bing.com udp
GB 92.123.128.144:443 r.bing.com udp
GB 92.123.128.181:443 th.bing.com udp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 144.128.123.92.in-addr.arpa udp
NL 40.126.32.140:443 login.microsoftonline.com tcp
US 8.8.8.8:53 www.oracle.com udp
GB 2.19.169.119:443 www.oracle.com tcp
GB 2.19.169.119:443 www.oracle.com tcp
US 8.8.8.8:53 119.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 d.oracleinfinity.io udp
US 8.8.8.8:53 www.oracleimg.com udp
GB 92.123.128.157:443 d.oracleinfinity.io tcp
GB 2.19.169.119:443 www.oracleimg.com tcp
FR 18.155.129.49:443 tms.oracle.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
US 8.8.8.8:53 consent.truste.com udp
GB 2.19.168.132:443 s.go-mpulse.net tcp
FR 3.165.113.128:443 consent.truste.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 tags.tiqcdn.com udp
FR 3.164.163.127:80 crt.rootg2.amazontrust.com tcp
FR 3.162.38.111:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 157.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 49.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 132.168.19.2.in-addr.arpa udp
US 8.8.8.8:53 128.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 127.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 111.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 consent.trustarc.com udp
US 8.8.8.8:53 c.go-mpulse.net udp
FR 52.222.201.16:443 consent.trustarc.com tcp
FR 52.222.201.16:443 consent.trustarc.com tcp
FR 52.222.201.16:443 consent.trustarc.com tcp
GB 23.39.224.128:443 c.go-mpulse.net tcp
US 8.8.8.8:53 consent-pref.trustarc.com udp
FR 18.244.28.5:443 consent-pref.trustarc.com tcp
US 8.8.8.8:53 consent-st.trustarc.com udp
FR 52.222.201.58:443 consent-st.trustarc.com tcp
US 8.8.8.8:53 rldr2laccouxozzlxqdq-f-7fa25ea58-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 684dd331.akstat.io udp
US 8.8.8.8:53 16.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 128.224.39.23.in-addr.arpa udp
US 8.8.8.8:53 5.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 58.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 download.virtualbox.org udp
GB 2.23.220.107:443 download.virtualbox.org tcp
GB 2.23.220.107:443 download.virtualbox.org tcp
US 8.8.8.8:53 107.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 246.197.219.23.in-addr.arpa udp
US 8.8.8.8:53 csc3-2010-crl.verisign.com udp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 d.e.0.c.1.1.d.b.a.1.2.0.9.3.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa udp
N/A 255.255.255.255:67 udp
US 8.8.8.8:53 255.56.168.192.in-addr.arpa udp
US 8.8.8.8:53 1.56.168.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_3820_SXKAEORNZTBKTUBT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea5a5472240bf962c45202321ef9ec7b
SHA1 3ce6adab161f9e4e7cb54ba375ef5d85cfe3e32a
SHA256 9a60b9d3a4fcb6d179f553e9ba0e2de585be41f0fa6ad5219823eee7e7393463
SHA512 bc5f9a3bf63e33a01fbc428d4e6fe96dfd898451a9df2959603c98642c6434bca2e3ce7cbf279b427b7fdb7c794664966a536242887bd93e4632cfda40d96b9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9fffbbc25e3d00dad5d914370c654a05
SHA1 99eddd816f7dc796d53002e3894ad1c60b8bd0bf
SHA256 ac75ab4a55cf00fbbe7276ebdffdf5af3d0094ec444abcf22535abadeba691c0
SHA512 5795ff49681cc3ec98c135c6daa56fe788b28e119d32d6fb50e887307ac0624c5174a5dc3fdd9e3f0b736b9164d86327f3403550d78d9e72082160b969747f7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e3644081cc2cf0681200e747a6dcd87
SHA1 1a41e8c06100f0ec1bbd8618517785fdd84bd576
SHA256 e82a58ece350997e54afce6a2f10464b5535713db218c599b120631e59b497a2
SHA512 dde155ac750ff451d8f5928c0b3df11b74210b5ed9a0b599db3cbb0b4d88a162f552ab5f34bf6a9d0c72923d4d0e31094ca037327e91e177dfd20839155c33d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a19a0da9cc10c85c7ae652d8b9d6e26d
SHA1 c4048baaf7131d97792abcd90a7984a7cbbd0657
SHA256 faab585f7b805bba0b33e28b05d54af5073d5e6cb9e48642fe8ae8a2fb628c86
SHA512 e4de096531e3570725a4ab670f34df6c6cbf9a39e4d8833e8859cfbc3751a228024f52d176e43ab433627ae6aac0854d171f82ffb062373ae64e397571d61900

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 0a3df30807bae7f9de015567cfe2f2e2
SHA1 bcb8eb78d3cec79e1bcdac12db2e4f5bd017ec8c
SHA256 11c9fef98e44bc6c25f03654fb96cdd3f8ab3b2246845eb47066b42b5c80a093
SHA512 725eee8875f341a23c8164ed4cd1ffc23b5afb2e6a64517edbc423b4d03e9afd16e1ca4304b1cf597037f83db52650281a6a0a67438b539e13d771171d806747

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3cf21f7b09806b45227f0c07db50be0c
SHA1 2234a9e1cbe671ce56b222b4a2165ebd8ec3fd15
SHA256 e8031d2d8460317f93cdf2f751cc50403b30f73e6dc9c35e09fac79e89f6481e
SHA512 3475016bf22a9d342dbf89505dd2cb7c2edabcb381b4914d28d9331caaabdcc50407e024788a9d91fdc9b6c738a46157ecd4e9c9039ca10928f3345c3b7a7274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 4cdd99ad4e6e3e5dce7d575a0206b72c
SHA1 721a89e90c9f7a9d42c10617bf62ca8cd1334b84
SHA256 392dee3d530e16a3487f39a0c9c6f11e9b2bbb002a283bf0b689f9873ef880df
SHA512 146b1c15773c620aadf9d2cb18ae9b3f30f61e66df4cfec3e6aa8a2ede1ebc87966c042dbd4a746b2d405c694b973067d903234e75e123aebc955c2da1aff4f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f6c.TMP

MD5 4cabe8b3cb34476468bd91c187d2e3e5
SHA1 e8e51c2b5a895950420481f51fe9cd20e6a11c48
SHA256 94b4b97634d0b7d4f95ebe84364e8f8c2a555ed02153b08fee7ff41eeaca12be
SHA512 d08d9f12f592cc3cef0b43355c7c086e3a39834c7a8d19685400ee3717448081e70f4337e30fda79d340e448ee5e68c6f9bf6d7d18d8eea2f6ec7e5ce236cf28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0ae2d732dfacbe2b434815ce95fe7598
SHA1 18e71c393bdeee47012fa4a9aa4bb2ad176911e7
SHA256 356ce6d5604ce933d511fc435749828045cb7eb92b7783953aa7a8dd614f8df5
SHA512 ea9c51a3838e7f2d037cafb6d97f1015a408e110f557cee55fc479ae81f06a202e69b8a84b64b053cfc47fa4c1526048f87b1c0942c55a05aa6737641a300e20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f5638684baa5c6419e82fa1f0cf08e77
SHA1 97b5706a910d4db6523459d803f2357ed87ca0b5
SHA256 b7b1a4f07719b926e5da78ac2c54682988a91b152a7731fe3135d47365356290
SHA512 642bb056b3b1d4d22542b24dc4ee271924fbc642e2bcd7e003f9a969f58c76b12e60e4075398202094dddaafb7d5f2ca6bfdc542fecc7b3d8ecb7307d9483b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4effd5fc70d736a32e7ea18c33aa76bb
SHA1 f612c4414a1e08ac27f352ccc08dc80ac3cfc84c
SHA256 b2de75b48dd25246cc17e67bb7267791a6cba1276eeeef2b3a6817c96114409a
SHA512 18ac1a4bfe19509e9b90a8537b5314362a526591d577eea85965811449ffee5854af6b8c75b747d5a9aea661ee418661dc4083ce2f2cf431fdea45c63d4b9a99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 de4143d0cf855798a8f5a0aa42bd5bde
SHA1 4a9a634ff4aec203f29cd1f99733ca5fc8e942fa
SHA256 8b85e8d5216c4cccd9cc30f57cfdea059a4e29eb0bc122a234cfc12f430d493f
SHA512 1597aacb3de3d9e20c2dd46a1ec300435fa6d5be7929ded6c5d96bca485f17a926f75169480083394d1b2f17d5c466f0c35e30055ba77299d17dbacc28006cf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 57bd64886bd6e73f33419ff4f783cd32
SHA1 afe855dcb2d9b720203f45a9b9a7391389afe775
SHA256 0437f71d824b7d136b76e75f29b9aeae4880e846e1a332bfd5f52fd20ddc54e3
SHA512 c6a0ec1f441d675f9059e873c49cec8219040a32e17d92e463221d28ea4092bd3a8562f1df5f42304ac3baf7b034d7284e0684ef43117463836be2598bc19815

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5c90c3772501bf9a517e6da0eacc311a
SHA1 a8f01d3c44e3571ef79cb3e61f9fbf93c43a681e
SHA256 aeffc314a8a6dc8211c8056d2f917bf0f5c84d3a7af2093e0a37c049de85ec23
SHA512 77424c92f7fa2edf45459e6ae17b55bed3a0214daa635fc83c205f6bbf19186ee70745c9ae0113db3d1ff3c6b1d3ec211149f122028bf4cfb59513039b2d931d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 797ca93ee50499e96df9082856582f42
SHA1 7cd0453cfb16a37d56431db1c106446db84e0608
SHA256 6ce17836a4eb395b86887743783f5955caed2a2855036481e7e16330e74ee80b
SHA512 d9033d6e99484f9ab8f2f86aa0542c4a3285af9a9f499f2d11456c1476c5dbde7b67b39ef3c0dd0bcf951d90252e31ffc237d03f4c017e9ead4427ee9b420089

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b7eab6b537f312d4ab49b97b31519663
SHA1 272e224105f85b38bf2fd46412ae940472d4e443
SHA256 1a4a9b3d7761c291bdd90f035c5cf180a483347300fcef8e7f7d6d4f55af9ebe
SHA512 9331887ea89a8d0f38880848704dc0c14d638dfa138a84339edacc97a5744f99b84b4ac847d89226767f9d06dfabe085ad86e3aa322a7a933db0432106a58b13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 73c72d57b22677ffc04bac1aa2324494
SHA1 5aeb359f2ec9c03a7287cb82969982241ec062aa
SHA256 a59e20e67a4bf2b80713e6a1e0c98567972bdf2dea83ed666949dd1c888f2c51
SHA512 652ee91f9711fabc632c1efdf677b5c70b0e7ffc686918fd0d48018184f19b8835d363e235498d466dd9ac5227c63d8ad8303bd78d482de943bb4b7138e8fd0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ad4c807e44b77baea80acf18d6ba05f0
SHA1 2c67fde054d47c0548aea4cf386523136c3b7b87
SHA256 44214fcbfeae99b585ad199442c14ed52745bd08806f3ea554d281be8d4a96bd
SHA512 50a151f95ce870294facdc0b00ea89e984c5f50c397831b2ed514cb12aaa5704dad942d1fa80ea58c9e2ce44d642ce4ab9e4c01eafe2d13e345d2e3ba8f72a10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 26f12434fdc8232b6372ae393f1ad26c
SHA1 e1fd81c739e1174de8aef6548344c83c1a6f984e
SHA256 9823f62f8240e9911e429452a4c1afad251f2576165ce8f7636fd28ca6e92cc2
SHA512 1b493b32a61aba40c9d1f42ccf17ee127dd0767da1d3039d9b19220beb40d3ef19c1a37861c6e7bbc07be6bcecdca6b20e00026baabaa7ebf0d3a564c1c6f217

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

MD5 790c81db9bf945fc2a3a3912c2a5b6ae
SHA1 bcaeed70f5e969e369dd2303df53da089a81bb8b
SHA256 5dd15e15b2c3f3537c06e593e5700225dd28f13678e9649866c7d3c477efaba4
SHA512 7693db525ca06118bc1907e9962ba691f1973bf5639986cb303c03894440dfb9252a2e9633d5bfff58905f8b0fd9dd63d75b48991412ccc4f0277127a08365d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2bedf1fe99621a3f_0

MD5 16d9faeaf1eca3fcf8a31b1105b99bc9
SHA1 3f3e76a51125941570bbe60c039e82de06c6a1c0
SHA256 1a828b94875eeb278ac343336be4f17978faceedf78583f69ddef5921a748f70
SHA512 9415a1832fa1ca11aacc27306399a6ab02e8747c028f6daa888bf7b1e850eb7048ac07d87c41b9481bc82058e0da53b8a07b9efc52b30dc9c6abd8b0e7ff560a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

MD5 258e004ecafda290f6007fbfcbefeac5
SHA1 ceb03d36597c7f77e68b4c85dc659678cebce4ac
SHA256 745bbee63267b68f0c10253ab0cb56e8e706ce1ad401e37ec0f198f0772211e8
SHA512 4af726fdc5a36e2f0a6b9ae30f54399e69051527a2a9732cd19115f08a5bb3db0d6473abcce2015bebcf2b3cc7e34585adc339a9b16de5d2f7abbbbac4aa9990

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df13cfb31cb0046d_0

MD5 934fb0e80b39bd27134a8b6970611bc7
SHA1 f8a025fc66e9854d105e6ba0eb2ef4755daafb05
SHA256 e8612b6f7ed43fa2e194b4060f88e41db4d987786c43d60ea02906ff6b587b68
SHA512 9e6fcfdf25bfdbeb45b1f978d635d858cf7dd7865bb7570ff2d3596e02ccff7c64752a6ab91e6b4608355e078c1eb3196d2511b5e40c816b7fdc55e344141231

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 7e48922a3608c08d1800136aed377b77
SHA1 28718024ccbecac8a590560ed4f6f8554813a9fe
SHA256 22404004ea3ed6b0cd2b986c00789b9806f47111c25fbc2ca6c9428cb17ea518
SHA512 e2a69bed07aef406710115a1c4729b947378b92ba5e4475024f270a5d542c0db862be52841583cab499d5786b99504208cade0ce15d20c29c849882644788334

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

MD5 3f8e48f141d27915a0e20f64f80bd4ac
SHA1 c9b35b9da4361ac8f2743ed451c955dc7c29958f
SHA256 37247d0c5913f541b20baba97af10738e130502b0a89a1f25ea0d2a9d70d709c
Analysis: behavioral2

Detonation Overview

Submitted

2024-11-06 18:53

Reported

2024-11-06 18:58

Platform

win10ltsc2021-20241023-en

Max time kernel

242s

Max time network

276s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io

Signatures

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\be52ecba-19de-4ca3-95e2-7d6d25d2a005.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241106185351.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2032 wrote to memory of 1768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2032 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff903a346f8,0x7ff903a34708,0x7ff903a34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff644815460,0x7ff644815470,0x7ff644815480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10572946072908274566,11621141962704543225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 itch.io udp
US 45.79.115.66:80 itch.io tcp
US 45.79.115.66:80 itch.io tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 66.115.79.45.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 45.79.115.66:443 itch.io tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 73.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 static.itch.io udp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
US 104.26.9.198:443 static.itch.io tcp
US 104.26.9.198:443 static.itch.io tcp
US 104.26.9.198:443 static.itch.io tcp
US 8.8.8.8:53 img.itch.zone udp
GB 2.19.117.28:443 img.itch.zone tcp
US 104.26.9.198:443 static.itch.io tcp
GB 2.19.117.28:443 img.itch.zone tcp
GB 2.19.117.28:443 img.itch.zone tcp
GB 2.19.117.28:443 img.itch.zone tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 198.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 45.79.115.66:443 itch.io tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 28.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 130.109.69.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 78bc0ec5146f28b496567487b9233baf
SHA1 4b1794d6cbe18501a7745d9559aa91d0cb2a19c1
SHA256 f5e3afb09ca12cd22dd69c753ea12e85e9bf369df29e2b23e0149e16f946f109
SHA512 0561cbabde95e6b949f46deda7389fbe52c87bedeb520b88764f1020d42aa2c06adee63a7d416aad2b85dc332e6b6d2d045185c65ec8c2c60beac1f072ca184a

\??\pipe\LOCAL\crashpad_2032_MURVCPUIXECJSDPC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a134f1844e0964bb17172c44ded4030f
SHA1 853de9d2c79d58138933a0b8cf76738e4b951d7e
SHA256 50f5a3aaba6fcbddddec498e157e3341f432998c698b96a4181f1c0239176589
SHA512 c124952f29503922dce11cf04c863966ac31f4445304c1412d584761f90f7964f3a150e32d95c1927442d4fa73549c67757a26d50a9995e14b96787df28f18b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a394868a-b801-4ed8-be05-3ae19c692c1f.tmp

MD5 df60a8491a1139cf8d583c51a0122a0b
SHA1 8dfe060b5da81702a4ce4e302382e92a7f3b908c
SHA256 a679f8576757538100989be1948cfa6ff8f18ea2c27237e3e0c9c63536626c31
SHA512 6300a58321e91301fa9d5663011cbcc44fedb1aabf2decf2defdc1a43f62891fb723f2b838e500866c513bd7433ab55f4698976837b5d7f399c90d53e8632bec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 9010fe212d7da97a4e9cf63a903ee7a4
SHA1 8f124a736d045eea3c50a9597d18c9af8b128e28
SHA256 c2956b77f9af9f4d79e0198d8a7e0a5b6f880b4d597dfeee25a3f56c05d11834
SHA512 f763ab3261592107fb19b7d6134c7f4d02e921258b1c72f1e0c69a95ee8ed9cc20498259a279cca9648bbd213a5234b965a9196865d465e1f975ee9242e36326

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 5b1f94087dd3cc156fe156f6272f7f03
SHA1 b220bf41f7a5d6caa5489dd3c35407c90bd4ae62
SHA256 71c0b8c37a47ec2cabd6c588a78126399f498da8addb9071ed5258743501ad77
SHA512 a1545a4e938fddc2b8a9c6387b579e00a29a1b1817fc186acffbac7f130ff2d07eeef81176df81f727a0d6b29ab90595207363f283a78b9839838e346b48c9cb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a327a7ba8227f36016b1657f6761183f
SHA1 c0b28715ea43898e546e27d792e0d016c8255c0b
SHA256 d90cd37329ce4ce9e642f85b954d170f561005901f765ebd01e4664dee3adc25
SHA512 d0e5f9e155558a38ddf959dc22892e9ad0432b6cfefa7c24bad538ce185b47a8bf43eb2fd76c8a06fd0c1de2adcbfacacb1d66f5ea38f5cb29a831df58a8a82b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 91a059dc9cd580d40aa73c76376c0870
SHA1 2a9f64f4504ba2567744d22ecc315891d25c20d5
SHA256 d44a988e76fee10b4fed0c56d19828c69fa09c3a7ebbf1731edafbb8382ce313
SHA512 af4778de2c76be3ced53c8873b35bce91d69c67cf3d0b260cb29792c04a095872c05fca5e0781163f98f9721e21aa1418800c6ced8bcbf4a7b15b16c586414c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb8ec331e5a002bed95b2f628e82bd4b
SHA1 22a5379fea8dfbf6e3e35a9632c6b2422575f154
SHA256 dac660ad0d9afd09baf36512e21ec696155cb0e17d5bddd56cc4c8c5b254c710
SHA512 436e6e3eb5a0366db56edfe1ec0b2273962669a3ed7c2c8ea7d2f97442637b9a83bc7fb9f3f198643049da7e40cea1e2abeada916b977de2e9617944d12f1ebc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 21320325bdfc20c6f4e4d136228fc9c5
SHA1 7e96950811d7ddbc1daeb7341ddb9768980bf2b5
SHA256 5e7ac2b978206a07d8b1841a2bd89eae4b466bcd8a0df3a62ae2ca0439b8bd5e
SHA512 ee78316d5b8edffdc83e3431bdbd28ae05a481d2a445ddf3b7c58bf0f01c6c42aead46a4d91e7fc75519a5ca8a7e2bab78749d88476c7a2fa0a25e8b3592bd43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ea1db5be497599171ae2d4b2e5473d58
SHA1 5bec91520b57727ee3e5d6f4dd5c1050a2d2a283
SHA256 9186723e4836a1c850fdde8bd582eae0d441931e50044e3cb1f09c9ff6fc86e6
SHA512 b773ba738d264257befdce695f0e2597feb8aee081a7970ca2d8b0e60ec85014f8ebb747cecaf607950b033f860609e52f9aa9b2fa9e0c497081ffacbf2ab45a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dbf794b766490d6e5c00ab95f767f7f3
SHA1 30df6b23f6bd61be801ed7f341050512d35c5888
SHA256 33dfc8bb252d57c4095c2dae316abc702339ba2daa5022b1ac18c7256dc23339
SHA512 ec2de7503aa3d33f1bc173b08844cbf7b40c502b2aafe0ffac0144c508fb1e99c374d91381ae12546df76ac8d5ff17efc4a561f9cf52fee84c89deec688a8256

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e2d5d01b37a7567d574102664521808b
SHA1 54afc158490ac831ccf253044047cb82eefe2772
SHA256 7b7947ec7eaa59621a7b1c73ecf2c7b03eb71ca92d9d0f30b475a1468d0ee8c4
SHA512 b94f302ffbd433524d8950e0660ec0172193f64701fa66a5d63f81708f4c198990a5fcd72a85e691a2efaa5b0111ef4d6a820cea7f3cd6780f6db79b6ef5c337

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 873e1d29c8ea6248a96397609b11a3eb
SHA1 f952aa412239ef837575ba7e726b4973b6bc26a9
SHA256 7c3345261d65ee9218069725307b9b0de3a4c4183884aaef10ca22567507d725
SHA512 97705631552ef7ac7e2bc8a980036666c8325a9cd14d23542fb0403b39cdd05a8a6179a9566e67117103ec4d90074b7022aedf1a2efda4ffe4ebe37bd8dd3286