31fdb1bf0a8b7e585501c3d3205095a0200dc8e40b1a6be5c6ff0f0638875e43

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe
Size

21.3MB
MD5

223eb1433f7cd227555d88fc906c439a
SHA1

0fdcb189fc89fffd45d686923e1dcd1c71f91444
SHA256

92e44ead94437a6f12bcd4bbf2e016be0099b547ca78146272fbb16363ac3310
SHA512

44689f5f849f2c7c1fb3af7919f42d5396006cbf5f12a79b186747e1710f6aaea52cd2985d5d7ae7f87ae63e070b7ed0bb9d1febd1954bcc90d4ee409b3492ca
SSDEEP

393216:3ppWYSq1A5Jm69mhzyoEsDU6iauKgdBGaSbLb0Kr+B2p9Zey0WThqji7l2D:ZpWYvkJH97oMTKKG1Lb01gpvdyi7i

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 25 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSIA351.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI34AA.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSIC613.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	data-com.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI4260.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI5A9D.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI72D9.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSIBB8D.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSIF69B.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSIE141.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI11D9.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI8B15.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI6513.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSIDE4F.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI1C6E.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI4CE6.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI7D5E.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSIF98D.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI2A15.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSID3C9.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSIEC05.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI432.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSI959B.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	MSIADD7.tmp

Executes dropped EXE 28 IoCs

pid	Process
4468	data-com.exe
2540	driverfusionfreesetup.exe
4992	netshare x86_644.exe
100	Office155.exe
4296	win-tooll.exe
4764	MSIE141.tmp
1724	MSIF98D.tmp
5748	MSI11D9.tmp
5276	MSI2A15.tmp
6076	MSI4260.tmp
1236	MSI5A9D.tmp
4324	MSI72D9.tmp
4832	MSI8B15.tmp
5304	MSIA351.tmp
5412	MSIBB8D.tmp
1148	MSID3C9.tmp
5596	MSIEC05.tmp
6420	MSI432.tmp
6812	MSI1C6E.tmp
6296	MSI34AA.tmp
4988	MSI4CE6.tmp
5616	MSI6513.tmp
7056	MSI7D5E.tmp
6128	MSI959B.tmp
7156	MSIADD7.tmp
6752	MSIC613.tmp
2792	MSIDE4F.tmp
2936	MSIF69B.tmp

Loads dropped DLL 13 IoCs

pid	Process
2540	driverfusionfreesetup.exe
2540	driverfusionfreesetup.exe
4992	netshare x86_644.exe
100	Office155.exe
4296	win-tooll.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe
4024	MsiExec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	driverfusionfreesetup.exe
File opened (read-only)	\??\H:	driverfusionfreesetup.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\A:	driverfusionfreesetup.exe
File opened (read-only)	\??\R:	driverfusionfreesetup.exe
File opened (read-only)	\??\Z:	driverfusionfreesetup.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	driverfusionfreesetup.exe
File opened (read-only)	\??\V:	driverfusionfreesetup.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	driverfusionfreesetup.exe
File opened (read-only)	\??\J:	driverfusionfreesetup.exe
File opened (read-only)	\??\Q:	driverfusionfreesetup.exe
File opened (read-only)	\??\X:	driverfusionfreesetup.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	driverfusionfreesetup.exe
File opened (read-only)	\??\L:	driverfusionfreesetup.exe
File opened (read-only)	\??\P:	driverfusionfreesetup.exe
File opened (read-only)	\??\Y:	driverfusionfreesetup.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	driverfusionfreesetup.exe
File opened (read-only)	\??\M:	driverfusionfreesetup.exe
File opened (read-only)	\??\O:	driverfusionfreesetup.exe
File opened (read-only)	\??\W:	driverfusionfreesetup.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	driverfusionfreesetup.exe
File opened (read-only)	\??\S:	driverfusionfreesetup.exe
File opened (read-only)	\??\T:	driverfusionfreesetup.exe
File opened (read-only)	\??\U:	driverfusionfreesetup.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\data-com.exe	92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4336	100	WerFault.exe	88
4488	4992	WerFault.exe	86
1604	4296	WerFault.exe	89

System Location Discovery: System Language Discovery 1 TTPs 30 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSID3C9.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI2A15.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI4260.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIADD7.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Office155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI4CE6.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIF69B.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI432.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIDE4F.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIBB8D.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI1C6E.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI7D5E.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI11D9.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIEC05.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI6513.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI959B.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIA351.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	win-tooll.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI5A9D.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	data-com.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverfusionfreesetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIE141.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI8B15.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI72D9.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI34AA.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIC613.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netshare x86_644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSIF98D.tmp

NSIS installer 6 IoCs

installer

resource	yara_rule
behavioral2/files/0x0009000000023c7c-45.dat	nsis_installer_1
behavioral2/files/0x0009000000023c7c-45.dat	nsis_installer_2
behavioral2/files/0x0008000000023c84-60.dat	nsis_installer_1
behavioral2/files/0x0008000000023c84-60.dat	nsis_installer_2
behavioral2/files/0x0007000000023c85-70.dat	nsis_installer_1
behavioral2/files/0x0007000000023c85-70.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	driverfusionfreesetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	driverfusionfreesetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	driverfusionfreesetup.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
100	Office155.exe
100	Office155.exe
100	Office155.exe
100	Office155.exe
100	Office155.exe
100	Office155.exe
100	Office155.exe
100	Office155.exe
4992	netshare x86_644.exe
4992	netshare x86_644.exe
4992	netshare x86_644.exe
4992	netshare x86_644.exe
4992	netshare x86_644.exe
4992	netshare x86_644.exe
4992	netshare x86_644.exe
4992	netshare x86_644.exe
4296	win-tooll.exe
4296	win-tooll.exe
4296	win-tooll.exe
4296	win-tooll.exe
4296	win-tooll.exe
4296	win-tooll.exe
4296	win-tooll.exe
4296	win-tooll.exe
760	msedge.exe
760	msedge.exe
3280	msedge.exe
3280	msedge.exe
3196	identity_helper.exe
3196	identity_helper.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4060	msiexec.exe
Token: SeCreateTokenPrivilege	2540	driverfusionfreesetup.exe
Token: SeAssignPrimaryTokenPrivilege	2540	driverfusionfreesetup.exe
Token: SeLockMemoryPrivilege	2540	driverfusionfreesetup.exe
Token: SeIncreaseQuotaPrivilege	2540	driverfusionfreesetup.exe
Token: SeMachineAccountPrivilege	2540	driverfusionfreesetup.exe
Token: SeTcbPrivilege	2540	driverfusionfreesetup.exe
Token: SeSecurityPrivilege	2540	driverfusionfreesetup.exe
Token: SeTakeOwnershipPrivilege	2540	driverfusionfreesetup.exe
Token: SeLoadDriverPrivilege	2540	driverfusionfreesetup.exe
Token: SeSystemProfilePrivilege	2540	driverfusionfreesetup.exe
Token: SeSystemtimePrivilege	2540	driverfusionfreesetup.exe
Token: SeProfSingleProcessPrivilege	2540	driverfusionfreesetup.exe
Token: SeIncBasePriorityPrivilege	2540	driverfusionfreesetup.exe
Token: SeCreatePagefilePrivilege	2540	driverfusionfreesetup.exe
Token: SeCreatePermanentPrivilege	2540	driverfusionfreesetup.exe
Token: SeBackupPrivilege	2540	driverfusionfreesetup.exe
Token: SeRestorePrivilege	2540	driverfusionfreesetup.exe
Token: SeShutdownPrivilege	2540	driverfusionfreesetup.exe
Token: SeDebugPrivilege	2540	driverfusionfreesetup.exe
Token: SeAuditPrivilege	2540	driverfusionfreesetup.exe
Token: SeSystemEnvironmentPrivilege	2540	driverfusionfreesetup.exe
Token: SeChangeNotifyPrivilege	2540	driverfusionfreesetup.exe
Token: SeRemoteShutdownPrivilege	2540	driverfusionfreesetup.exe
Token: SeUndockPrivilege	2540	driverfusionfreesetup.exe
Token: SeSyncAgentPrivilege	2540	driverfusionfreesetup.exe
Token: SeEnableDelegationPrivilege	2540	driverfusionfreesetup.exe
Token: SeManageVolumePrivilege	2540	driverfusionfreesetup.exe
Token: SeImpersonatePrivilege	2540	driverfusionfreesetup.exe
Token: SeCreateGlobalPrivilege	2540	driverfusionfreesetup.exe
Token: SeCreateTokenPrivilege	2540	driverfusionfreesetup.exe
Token: SeAssignPrimaryTokenPrivilege	2540	driverfusionfreesetup.exe
Token: SeLockMemoryPrivilege	2540	driverfusionfreesetup.exe
Token: SeIncreaseQuotaPrivilege	2540	driverfusionfreesetup.exe
Token: SeMachineAccountPrivilege	2540	driverfusionfreesetup.exe
Token: SeTcbPrivilege	2540	driverfusionfreesetup.exe
Token: SeSecurityPrivilege	2540	driverfusionfreesetup.exe
Token: SeTakeOwnershipPrivilege	2540	driverfusionfreesetup.exe
Token: SeLoadDriverPrivilege	2540	driverfusionfreesetup.exe
Token: SeSystemProfilePrivilege	2540	driverfusionfreesetup.exe
Token: SeSystemtimePrivilege	2540	driverfusionfreesetup.exe
Token: SeProfSingleProcessPrivilege	2540	driverfusionfreesetup.exe
Token: SeIncBasePriorityPrivilege	2540	driverfusionfreesetup.exe
Token: SeCreatePagefilePrivilege	2540	driverfusionfreesetup.exe
Token: SeCreatePermanentPrivilege	2540	driverfusionfreesetup.exe
Token: SeBackupPrivilege	2540	driverfusionfreesetup.exe
Token: SeRestorePrivilege	2540	driverfusionfreesetup.exe
Token: SeShutdownPrivilege	2540	driverfusionfreesetup.exe
Token: SeDebugPrivilege	2540	driverfusionfreesetup.exe
Token: SeAuditPrivilege	2540	driverfusionfreesetup.exe
Token: SeSystemEnvironmentPrivilege	2540	driverfusionfreesetup.exe
Token: SeChangeNotifyPrivilege	2540	driverfusionfreesetup.exe
Token: SeRemoteShutdownPrivilege	2540	driverfusionfreesetup.exe
Token: SeUndockPrivilege	2540	driverfusionfreesetup.exe
Token: SeSyncAgentPrivilege	2540	driverfusionfreesetup.exe
Token: SeEnableDelegationPrivilege	2540	driverfusionfreesetup.exe
Token: SeManageVolumePrivilege	2540	driverfusionfreesetup.exe
Token: SeImpersonatePrivilege	2540	driverfusionfreesetup.exe
Token: SeCreateGlobalPrivilege	2540	driverfusionfreesetup.exe
Token: SeCreateTokenPrivilege	2540	driverfusionfreesetup.exe
Token: SeAssignPrimaryTokenPrivilege	2540	driverfusionfreesetup.exe
Token: SeLockMemoryPrivilege	2540	driverfusionfreesetup.exe
Token: SeIncreaseQuotaPrivilege	2540	driverfusionfreesetup.exe
Token: SeMachineAccountPrivilege	2540	driverfusionfreesetup.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2540	driverfusionfreesetup.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 4468	4248	92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe	84
PID 4248 wrote to memory of 4468	4248	92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe	84
PID 4248 wrote to memory of 4468	4248	92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe	84
PID 4248 wrote to memory of 2540	4248	92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe	85
PID 4248 wrote to memory of 2540	4248	92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe	85
PID 4248 wrote to memory of 2540	4248	92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe	85
PID 4468 wrote to memory of 4992	4468	data-com.exe	86
PID 4468 wrote to memory of 4992	4468	data-com.exe	86
PID 4468 wrote to memory of 4992	4468	data-com.exe	86
PID 4468 wrote to memory of 100	4468	data-com.exe	88
PID 4468 wrote to memory of 100	4468	data-com.exe	88
PID 4468 wrote to memory of 100	4468	data-com.exe	88
PID 4468 wrote to memory of 4296	4468	data-com.exe	89
PID 4468 wrote to memory of 4296	4468	data-com.exe	89
PID 4468 wrote to memory of 4296	4468	data-com.exe	89
PID 100 wrote to memory of 4756	100	Office155.exe	90
PID 100 wrote to memory of 4756	100	Office155.exe	90
PID 100 wrote to memory of 4756	100	Office155.exe	90
PID 4296 wrote to memory of 472	4296	win-tooll.exe	92
PID 4296 wrote to memory of 472	4296	win-tooll.exe	92
PID 4296 wrote to memory of 472	4296	win-tooll.exe	92
PID 4992 wrote to memory of 2220	4992	netshare x86_644.exe	91
PID 4992 wrote to memory of 2220	4992	netshare x86_644.exe	91
PID 4992 wrote to memory of 2220	4992	netshare x86_644.exe	91
PID 4060 wrote to memory of 4024	4060	msiexec.exe	102
PID 4060 wrote to memory of 4024	4060	msiexec.exe	102
PID 4060 wrote to memory of 4024	4060	msiexec.exe	102
PID 2540 wrote to memory of 4764	2540	driverfusionfreesetup.exe	104
PID 2540 wrote to memory of 4764	2540	driverfusionfreesetup.exe	104
PID 2540 wrote to memory of 4764	2540	driverfusionfreesetup.exe	104
PID 4764 wrote to memory of 3280	4764	MSIE141.tmp	105
PID 4764 wrote to memory of 3280	4764	MSIE141.tmp	105
PID 3280 wrote to memory of 3612	3280	msedge.exe	106
PID 3280 wrote to memory of 3612	3280	msedge.exe	106
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107
PID 3280 wrote to memory of 2412	3280	msedge.exe	107

C:\Users\Admin\AppData\Local\Temp\92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe
"C:\Users\Admin\AppData\Local\Temp\92E44EAD94437A6F12BCD4BBF2E016BE0099B547CA78146272FBB16363AC3310.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Program Files (x86)\Common Files\data-com.exe
  "C:\Program Files (x86)\Common Files\data-com.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Users\Admin\AppData\Local\Temp\netshare x86_644.exe
    "C:\Users\Admin\AppData\Local\Temp\netshare x86_644.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\netshare x86_644.exe
      "C:\Users\Admin\AppData\Local\Temp\netshare x86_644.exe"
      4⤵
      PID:2220
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 968
      4⤵
      Program crash
      PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Office155.exe
    "C:\Users\Admin\AppData\Local\Temp\Office155.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:100
  - - C:\Users\Admin\AppData\Local\Temp\Office155.exe
      "C:\Users\Admin\AppData\Local\Temp\Office155.exe"
      4⤵
      PID:4756
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 100 -s 976
      4⤵
      Program crash
      PID:4336
- - C:\Users\Admin\AppData\Local\Temp\win-tooll.exe
    "C:\Users\Admin\AppData\Local\Temp\win-tooll.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\win-tooll.exe
      "C:\Users\Admin\AppData\Local\Temp\win-tooll.exe"
      4⤵
      PID:472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 976
      4⤵
      Program crash
      PID:1604
- C:\Users\Admin\AppData\Local\Temp\driverfusionfreesetup.exe
  "C:\Users\Admin\AppData\Local\Temp\driverfusionfreesetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\MSIE141.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSIE141.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:3612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        5⤵
        
        PID:2412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
        5⤵
        
        PID:4360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
        5⤵
        
        PID:4552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
        5⤵
        
        PID:2012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
        5⤵
        
        PID:4864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
        5⤵
        
        PID:3432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
        5⤵
        
        PID:2372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
        5⤵
        
        PID:1072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
        5⤵
        
        PID:1916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
        5⤵
        
        PID:32
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
        5⤵
        
        PID:5196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
        5⤵
        
        PID:5204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
        5⤵
        
        PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
        5⤵
        
        PID:5964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
        5⤵
        
        PID:3408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
        5⤵
        
        PID:4056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
        5⤵
        
        PID:5168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
        5⤵
        
        PID:2472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
        5⤵
        
        PID:5872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
        5⤵
        
        PID:5688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
        5⤵
        
        PID:5392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
        5⤵
        
        PID:6004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
        5⤵
        
        PID:1992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
        5⤵
        
        PID:5352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
        5⤵
        
        PID:4708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
        5⤵
        
        PID:5004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
        5⤵
        
        PID:5584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
        5⤵
        
        PID:4964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
        5⤵
        
        PID:4816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
        5⤵
        
        PID:2252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
        5⤵
        
        PID:444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
        5⤵
        
        PID:2460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
        5⤵
        
        PID:6552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
        5⤵
        
        PID:6568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
        5⤵
        
        PID:6936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
        5⤵
        
        PID:6992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
        5⤵
        
        PID:6380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
        5⤵
        
        PID:5576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
        5⤵
        
        PID:6864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
        5⤵
        
        PID:6824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
        5⤵
        
        PID:5448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
        5⤵
        
        PID:7144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
        5⤵
        
        PID:4008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
        5⤵
        
        PID:4428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
        5⤵
        
        PID:6264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1
        5⤵
        
        PID:5964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
        5⤵
        
        PID:6436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1
        5⤵
        
        PID:4724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9156 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:1
        5⤵
        
        PID:2024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1
        5⤵
        
        PID:440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
        5⤵
        
        PID:3640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9536 /prefetch:1
        5⤵
        
        PID:6136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
        5⤵
        
        PID:5424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11538431052802205526,12307617322885247565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
        5⤵
        
        PID:6652
- - C:\Users\Admin\AppData\Local\Temp\MSIF98D.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSIF98D.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:3496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:964
- - C:\Users\Admin\AppData\Local\Temp\MSI11D9.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI11D9.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:5812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:5824
- - C:\Users\Admin\AppData\Local\Temp\MSI2A15.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI2A15.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:5176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:5192
- - C:\Users\Admin\AppData\Local\Temp\MSI4260.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI4260.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:5376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:5196
- - C:\Users\Admin\AppData\Local\Temp\MSI5A9D.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI5A9D.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:5740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:5768
- - C:\Users\Admin\AppData\Local\Temp\MSI72D9.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI72D9.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:2348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:5072
- - C:\Users\Admin\AppData\Local\Temp\MSI8B15.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI8B15.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:1804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:3500
- - C:\Users\Admin\AppData\Local\Temp\MSIA351.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSIA351.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:2588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:3464
- - C:\Users\Admin\AppData\Local\Temp\MSIBB8D.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSIBB8D.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:5520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:5588
- - C:\Users\Admin\AppData\Local\Temp\MSID3C9.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSID3C9.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:5412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:3700
- - C:\Users\Admin\AppData\Local\Temp\MSIEC05.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSIEC05.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:5612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:4964
- - C:\Users\Admin\AppData\Local\Temp\MSI432.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI432.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:6480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:6492
- - C:\Users\Admin\AppData\Local\Temp\MSI1C6E.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI1C6E.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:6876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:6888
- - C:\Users\Admin\AppData\Local\Temp\MSI34AA.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI34AA.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:4836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:5564
- - C:\Users\Admin\AppData\Local\Temp\MSI4CE6.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI4CE6.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:1340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:6052
- - C:\Users\Admin\AppData\Local\Temp\MSI6513.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI6513.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:3404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:6296
- - C:\Users\Admin\AppData\Local\Temp\MSI7D5E.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI7D5E.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:6424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:6444
- - C:\Users\Admin\AppData\Local\Temp\MSI959B.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSI959B.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:7060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:6696
- - C:\Users\Admin\AppData\Local\Temp\MSIADD7.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSIADD7.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:7064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:7040
- - C:\Users\Admin\AppData\Local\Temp\MSIC613.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSIC613.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:1324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:1164
- - C:\Users\Admin\AppData\Local\Temp\MSIDE4F.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSIDE4F.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:6896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:6900
- - C:\Users\Admin\AppData\Local\Temp\MSIF69B.tmp
    "C:\Users\Admin\AppData\Local\Temp\MSIF69B.tmp" https://treexy.com/products/driver-fusion/
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://treexy.com/products/driver-fusion/
      4⤵
      PID:2128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff99a946f8,0x7fff99a94708,0x7fff99a94718
        5⤵
        
        PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 100 -ip 100
1⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4992 -ip 4992
1⤵
PID:836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4296 -ip 4296
1⤵
PID:1124

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8426ADEADD12FD714B46CBDCE2F74686 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\data-com.exe

Filesize
1.7MB

MD5
11ce0a152fdbf1997778a2a0d11200aa

SHA1
b728d7df96a888eb6b61a20d4daa4e71445bab68

SHA256
dcaf19328afff04eb26fa9d8edcbe16fe0ede4785830a6a8b66b68e9e23290f8

SHA512
5f3e889de15dddc4d77715b5a90c6db736ac045384fa03b604e9f9bf64e961d522a4ce1057fbcdf766fac7d01344c6fd1cbd2db085c9e2b8d4d7e833d579eceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
bc590b5a05f696b5ba563c5561d3dd48

SHA1
26b1d75a069450b2c80c62a5314cc2a465c2714a

SHA256
f02aa295f422f272c4fe04cc6a35e8ce0ef6ea2fbda161b2b6908579fd3632d2

SHA512
46f2687bd87c8b753c80c7e4b761a7553eb5f7e75007a1de41add70da77ce6ff1dfc49daecf6f01cbccf43d5df178de06cdf10bc0282d0e7b8c5117328ebc4c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
1e8ce25245c23cc6c68e7d391e529767

SHA1
827c6b456ab09dac53b065fc4a2c069aabe97f6e

SHA256
123e6ab5d7406a615c75a03f73d2be7b8dd092cb8722abe252b22a11f14e4a7b

SHA512
3235cc9776ebc5aa46ab2821c714c82627292e66d701461240fa2b365a95053e428ebcc8eefb05a50253a1dcffd24342303503d0d654838838d2e0927c1aec6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
19KB

MD5
e43e1e7e83b6593c2bf8c6fba9cee5e5

SHA1
4bbc845e26262c120fd004ff1422f523a0aa6c3d

SHA256
2a2522347ef4429b07965426ff608396c21f4b7153104db718a8c5294f95ab1c

SHA512
3d67956c3e07d556b6b17b1040d216b63ba1d2e8c225136590e836c342c5eba004b0cefa46d39eb726c11f202dafe0b10f7e6c1f7f9da6de9368ed9b077a6aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
a655ec20c95136a4eaec07b778301bdf

SHA1
9ad878dcec124d1d7832993c69ebb1e37e7b0097

SHA256
857d680c5230a653f876164e4e3c5d051ab7b94046f2dcf05e8d28b2273565a4

SHA512
5273bcf9a80ab387d8e646ae273d0a338b43022cf0cbd7fe90a1b96e6ed6ccaf7c4cb5eeabe1e2bb1405c860d5b520f55835b6d8044fdeb7ece21abfd041a6dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
40KB

MD5
0ce73cfd8f6ebdedd14390a7dc81a299

SHA1
050f190324b4ee2952a1d8b2ffa1222562ef4169

SHA256
5ad3684c12cd2c4955e68a0b4d5506cd8009162311cc0927e4839668e30fadee

SHA512
0610bb404e6fde9b6e1402e48d19ab544dbbd9ed3758de6fed375118ff817e79a4762fbef737e0ac9dc46c4b995ec13019560ee7bf592f824089d42fc7196dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
28KB

MD5
f723bbbc76fde91b2c1247218a6526c7

SHA1
5f01e4e429a5664efabe1481fe16cc13294e2f8d

SHA256
133cc139e2520f777c0f759bd7225ed5105d9eb2ecbbf04022f7a43a02876258

SHA512
cad46ba7adf52bdaf2da4164ade86abaed1c346e6d5dd64cfeb0e1b89411d79ea473172021e9d0a9019ca6e5c3f42681d73480269b32be1108562dba3361ef76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d2af3f014f56d4b_0

Filesize
26KB

MD5
c7453e1402e58581d8b5b6fa6f28f20c

SHA1
d0ecdcbc7c6f2cf00e1335d8a36455e4a6c96d0e

SHA256
8db26e16bcddb45747988cf17df6cd8731b66a84302d8e56807aff4bd316b922

SHA512
f27a09dcee07ce91ceae3899e8955f117ec1465e8ce53faf2bab452f64c454f91b9567c02cb55d876907cfe1a0810be2587795cf0d3cf21a049b5183198f9f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8d68dd654427e697_0

Filesize
72KB

MD5
5b9db350136f14d0439a8f7a3f339216

SHA1
989c92dfb7bdc0be1e5b2551af1b71a8fec2114e

SHA256
acbb7d75a9ea1675e0195b013513f655443222054da1cdaa7a69900b4cb1c358

SHA512
2fbfd950583c0734b680dca61d144c12a3a49a196f49d0a70749696edef655cc915a52ce3384ef55afe2f021859795be8c15469bb485394c6eca767a742d4c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\994ebb3f13a493bd_0

Filesize
238B

MD5
299a9e5e44341ed017e3741411cb8d38

SHA1
f160673f3098b442b1f8320fb1561e80b2f633dc

SHA256
30019c0940a4b75f92313d5e300261187dec13c60abc04a5914e94a89a985e7d

SHA512
588d6f5bc37e18d6e611fe9fc5a13096f9d402cd690586c771c26d207520d938d17a623e54be228ca2753e2194838ea43dc34bdbf1f8029f807cbb817ff11381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cbdc74a697b85911_0

Filesize
47KB

MD5
3c96ed6aef12258105f0b3b9980e55aa

SHA1
5ff04d7432fdeb7f0688efe074b6a67bf8778260

SHA256
d3d364c2be019c722bf1a68b648d0ef938096a3d78748e2842a48301434297d3

SHA512
458ec58f198a755c268b3cdadafefc23d000cab19b24846f30965dad0d6e9c2669175538368c190f044b581cad06135a476ba9096f2223571cc1eee84b63bc93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
337B

MD5
bd7f254b93a46f2eb33ac3694443d088

SHA1
3e2f8deae6f50d7893b5736f113ef1272853ecf3

SHA256
4acedc9c2e0da52e14c87b9bfe1ab9a7943824e88e986ed4e59e43915d0ec34a

SHA512
514b8af249bf082f5e17ebfe20803272a84cfbc1855dc8e1a5c4f38ea2bd049e40b363db6048b9dcc8d7d249b4d80e9c0d7655563e5b9e53cb21e3e1f4190a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3fd3871b47ce3b1f0df5ccaabf88dfb0

SHA1
47d61dbff83256645ed5a768fe33f136cfdb1c2b

SHA256
e6b19e931a695aabb7acd0978e225c64f55368d39e567030411b5ddd0b8c7655

SHA512
282873cf81ba669749c1d77acca428b4095aed0d2aef6f57bb73a9249ce983e3008370d99ba9f215f10a96698b6339c5a9c0c4f117b3d9b50ce3a65c597e06fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6caeeb38557658925df1208f853c00ea

SHA1
c46af30e25df1a5f0c8b8758b7c4278f47f68692

SHA256
c985b0588897c1af17f065b092d5a832ae2c15bb0f06ecc10c67578aed4ea1e1

SHA512
850d2bfc42624c69beb3bea6ad533fdacd805ac35a116792277d5e95fcf5dff6749fc8654fc273c7840725bf43a0dd04b3df9d247da68a2e9a39f3a7bf0b0a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce8979be3da4816f8edcb514b8f052ee

SHA1
61fc5384751efd377fafa52a66f339418e6752c5

SHA256
6fe35be1657f663ec33b1e7c13d4a7c8ee558f092b1e88672e3edf5e6ce09a0d

SHA512
d12b35aa46bd0cfb18933f8cb748e984f2d3cd5c71f6907b2fac95ff182dcedff7d00deb26d3aac16c8c74d82d3a512ef4703cab0f1c9f583e32892c7ddc6cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
870cae08b4803a49d422205f8282e7b2

SHA1
55fc55d0b8c41a08379f916059e7c7d2afb30c3c

SHA256
294ef79541f8e50b68de0945b26a2ea6b466ffeeedc4c6bd33170fee4ecd74a0

SHA512
19d144fa2e1b8021919180bd0b06b029ef3c3efda6e60147b3f5015465018bce2420b32de20bb1442518e8877fd20cc6377cc77709257d174841b3f655190b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cea7c338835881e9ccd32ccb562df68a

SHA1
742908ef90b69b746984527a1f6b3b4f424742b1

SHA256
3cb90cd77b74dfdd553f13d9eb352309d11c7ae072e484a033ba2f9da0614970

SHA512
7f8471f15b612ec21b1efbd61dde06d0c44b27c152d77da3f5299061f4419f1b0e4f7960e72896ac5fd762bdd62b6881d580cfd69367c5a18b7c89a6b3064751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6138eb8b88db7dc6706571f54ef803e6

SHA1
9f6fb263f28b2e96fee23bb47376d61bcc977a68

SHA256
5184cd12b0ec13ef06fa5d45d8f453881d0df92ea2147b621ab5f4645105736c

SHA512
ee73c307bfcf85b8e8412f63da555058d21f10d682453b39a30feaaa923401ad94acad4ec0ec72ad6cda5c37fb4e0086c9c8d2a0f284d5fbf0d7d791a4821d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b26b05799c4e6e93b3a04aa817c53a72

SHA1
606b79d494869ff279df26f269d75656bfadb7ad

SHA256
4945a973bff04c5c860e25e73caa966a841a41624f6cae80d02c1a83a33bbd25

SHA512
c7cc1c40bb9dc3d7c54da79f4e8b4149a3061d722e9ae425d64a58d7588c10146e22b2d8baac556741a9b64fd49bac0f69b9c6b0cbd3300ac89735d566a2e16c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a028e242e130438afa32bc4bc34d243e

SHA1
f41490d8fec1aa3878584945307e7ef4fea6c05f

SHA256
4d2eb14a3fd699c3e2353afcd6e9f5d7146023ada30d8910ce6fcdc636dbb7c4

SHA512
cfdfc78ac0b975ef4015af38d448fafb8d6be83169f420aa1b8e28e22f114602c151ec8f0bff5e37400658646397b284bd8f9b421e40b069c358703ee914fd48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b9d4b7d2c9e0c80b2b40185e0a3285b

SHA1
d83535c9d56a0ddcf8e52f49a102688c90ca8b88

SHA256
c0d5945dc5a7c215d6d1bd662b07c7532bf34cd05e000a08ea52f03fd79f5b26

SHA512
0e8bad771a7a6266c738c95bfcd7b97237e9635f92476b03aca3e2a8bf1019d8af05048a7fa9e373297d13a1c5595307cddf75777c19b74e2e53793eb33d9240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17ce7424d1d048562b97ca0ccd18ada8

SHA1
175091adccd4338867fd82e077bf9de83e839d27

SHA256
2f2c3d201404010cd84efb292cdfc48dc29aef08b4924a7741c207b813d93aa5

SHA512
80f07de350ab2180524533d433174b649db3699d9fdb7dbd7985338f4925ebd80eb0e77326fed45db877041a183dc5f503509ba8312454641a1cb825633325ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eedc4d31413a158320e68720f6a96d94

SHA1
3ccd05c77463b04fa853f92fe268de55f128d2a5

SHA256
34a10999eac5dcabb26d37ede45cb1cd6805e36f21156dc6b8e3dd85018d4f15

SHA512
d8720b51f306d64a06419fbda2ec63332df10f89f2047372758a513ee16047f20705c695b793526f9ab5fcdcc1a79c476a50612806ee6068ed7ca3967bf32e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d786a14583f4b847cd4662bb8ae54869

SHA1
2aa9a2f33cfead4285cb86e108d9db1146baeaab

SHA256
918a0f06b8265a77e0920f50fb2c6a4cdfbb8cf7d9db226c7f067eb597778747

SHA512
8e4c15af9d585b05d9ab15988a2bc8a6f18972f0b3ef8f59e547a0ada1c2a95b2b74afb42fad6860d8bf239046aace5e8e2cca997719fcf8764454a4fa73a23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
03815b3f489163c5c43807393f8a2fd9

SHA1
6732b7154838c17bbcbce0c9bcc578a09e2ae25d

SHA256
b17ad25bed771872310c73aad0560c93f18359551a25d671cf59353686b173b4

SHA512
a1dd9d338ed6956a64d35e679a65b78305e5233b4df85c619e6dc39de97b4741f252a2af63c5d2fe6a469abe2d1ce28abe08eb625053a27aa5e0dfd444f68b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4916770bd42979a48bcf0b547a5e6f29

SHA1
8ae824aaf661e6f7de1d2438c6c205bccf23d656

SHA256
00b9fa3a1c27fb757e5b72ae4e86e8401ca3c080e43007b2a42df3fb75946bd4

SHA512
f5d8cd3ce4393b77c04f4b4aae2ab9ee9f9f1143f4adec468213db86be409edc4863c27da64d47dc4f46aea06380e4ffc14ce3b5d35f8c1ee94c41bf1be351ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b2b2278ce4be065b498c9bc647861087

SHA1
0286d77c35c627d0f25f189a8662b31936417c86

SHA256
ec99eb813f3e731790c88d44ef96e38a08716418a53faa9f0badbee23eac61c2

SHA512
bee9c2611aea7f3b9a1bdf1f56c0e60d66d1f632bc7b8abf7462b1fa6d559de2a62a92e7ba975dea0effea1d33bc5cd19117fbd231ab3576ad03ca74ea778184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
7ad63699d4c531198eac754a06090182

SHA1
7c180d0f0a8ae404cc15d174782bc09ceca1a157

SHA256
61316bfc0c33ee7726cd4ca50faf324286b5a94f4fbd7e8923c31f9e8613ebb9

SHA512
1e1d9da58cc68d191d12ff77de9653e056f6f9b6572ac97d9ed7f6cfe9d8a34830852be96f7b7556685e6f3e7fb7a1ade6af19e2b6bf17d0c41a4f3ed6ce1662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
dab300150e6461d1a11c489a040724a8

SHA1
a894b76605e126d0774c30d61fd8b2f57ccee8ad

SHA256
c1f10a95d228375792076b62a9f8adf2ae2a1ffba285e0154cba6493cfbef5cb

SHA512
e6085ec7dc89468b9c344947d7267edf664e19e9ba9dd570b29e3273a523822b428e16aeb42f97fc9c863630c84e13cebcfaa8956a16c70b68490638d2c6d4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
64c18d1f48209f8700916f1ed3990e2e

SHA1
8369c126f0401d980b5830e9e5787cbc5257ffad

SHA256
73d9e92f0b9fbeb6f4c9043dd743d21105ae3f08f73282515cad50f2474ee2f1

SHA512
a4b9660ee9300dff278a6c0c5d66fcd5fb6fdcbcbfc9e6dc19855a00ef7a9cc49d36b287321b1e1e44b85e14c1df4ec74d2cfeb15c7481350bfb701f97a31eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4c7ee3ee96d7d96034a55812ae93cad0

SHA1
c111dc94a6c164580d68d51f480d7b04aac71280

SHA256
3e27bd7351698b6fccde0d25df3784857b0f7a6b23498f8143da2f1681f5fa03

SHA512
2e825c1c88bffe71f89a0528e8ca49413396bafca9e7c5c7a2143b6988bc8916f6470afc84a284780b4e0239535963875eb9fc2fbccffcb5140fb03110acdf55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
59a6245bb5bcca2d3e4525942da67238

SHA1
3d692369b679f37859ac03f9a6f5e02c44cd64cc

SHA256
c95997a04a3310ee6fe24567f4bedd7931d55049b86c522054c1df8ad70d9a1d

SHA512
44e41f4dc0f2ec27dc637f8e019a0e218c4f9a7d455db2fe8661c7ed5b89e11f6f9dea7293d529051532163d4f0799b66b9b8aaa620aa11b0d1f145d2266c0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
faee9a7122b6b565c5802c31b50da063

SHA1
2b1cd13c1e71fd559012597ed7443204f77408c2

SHA256
b64ef3cf3aafd7f65be74d8edbe9aff73b4e0cd8177a8d149fc92d1bade51ba0

SHA512
a00cc1b327cc69c8486f98e4e3219126f5c24037364c7228c210abb92fc8a572b5fad6818440a65b04ab50ec328033b1bc122967087a736676ec7009978d1c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
51085543f7aa0eaa0335b804d5b91275

SHA1
001a1df57ff172e72f48fd8ef8d486db9751628b

SHA256
cb7677af932ee97897f1ce326fc863ebf7c0078122e0a547f521ee87d727de83

SHA512
e71a6315b962f5987e277c693ffa860b374956f2cdaf0805876f362d04aad015324770891c970d6a51b4ca89429ce44e206791c606b365bccb941bd80473339d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583af1.TMP

Filesize
368B

MD5
8a8928ca4f145b380421b30ceeb20665

SHA1
7d1a229395dbf370a4f03d5cf4c279659c6ed48f

SHA256
1586f5c023aa99a5cfe150c0582f007733522ce00cbafb5c73389a2e52d6b35b

SHA512
a25aeeb669929314c4c2aa0f8cb5dde8e4c05527376325c158cd2c4dad2cafe0bc0b345563f38225193448369276170379ef58ff69c2dd097f3c41180f7b7ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fd9af560b1c7c79720a5a46fdc464a03

SHA1
d82633d8622008bc5fe224fb860754c1318502d4

SHA256
2d3d83aecc774a4a21add6a29d609e5f2efbc50778b724580cbda4de1b391685

SHA512
45a60cf545e3aef5bd4677798ee174bf75434e81cd47fc64d6b1da9f63d862dcd6b04b7875aca631bb4a5989cfc1fcdc61884f841b4be4de03b56b6025cbbb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
5.0MB

MD5
05b1aaf5b9e8081a45e58c20ddcfc3a8

SHA1
9ddcc738e83f35549dba1afeef34c7a17ff07d9d

SHA256
f14cfca76541c6bf9216be41985c162c32ee4b910a6d83c244e1ffb618f75185

SHA512
b865b7e879245c74bfd0cd7c9c0c500abc9ef9e1d5297ed6c6951cfffa409d7455316f12039b453e48be1ad7f13d9ffff04e41d4c6104da25f37d2242a1f3e1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\PreparePrereqDlgProgress.gif

Filesize
24KB

MD5
f550f449baed1315c7965bd826c2510b

SHA1
772e6e82765dcfda319a68380981d77b83a3ab1b

SHA256
0ee7650c7faf97126ddbc7d21812e093af4f2317f3edcff16d2d6137d3c0544d

SHA512
7608140bc2d83f509a2afdaacd394d0aa5a6f7816e96c11f4218e815c3aaabf9fc95dd3b3a44b165334772ebdab7dfa585833850db09442743e56b8e505f6a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\backbutton

Filesize
404B

MD5
50e27244df2b1690728e8252088a253c

SHA1
b84ad02fd0ed3cb933ffbd123614a2495810442b

SHA256
71836c56ec4765d858dc756541123e44680f98da255faf1ece7b83d79809b1c3

SHA512
ba3d3535bfd2f17919e1a99e89fdb1c9a83507ff3c2846c62770e210a50aee1281445d510858d247cc9619861089aaf20f45b0b7c39f15c0ea039ac5498fa03e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\backgroundprepare

Filesize
134B

MD5
a0efb0e7b9cee25b09e09a1a64e96ba6

SHA1
0c1e18f6f5e6e5e6953e9fb99ca60fdec35d6e39

SHA256
f044f542bc46464054084c63596877f06c6e2c215c0e954c4ace9787ced82787

SHA512
7e53f9f564aaa529b3b15035671957c2923ec98ddee93758ea7a4c8645ee9058962078771b853e3490290fde1f57030dff5092d40d69418776ffee89f79c8a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\frame_bottom_left.bmp

Filesize
66B

MD5
1fb3755fe9676fca35b8d3c6a8e80b45

SHA1
7c60375472c2757650afbe045c1c97059ca66884

SHA256
384ebd5800becadf3bd9014686e6cc09344f75ce426e966d788eb5473b28aa21

SHA512
dee9db50320a27de65581c20d9e6cf429921ebee9d4e1190c044cc6063d217ca89f5667dc0d93faf7dcc2d931fe4e85c025c6f71c1651cbd2d12a43f915932c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\frame_bottom_mid.bmp

Filesize
66B

MD5
71fa2730c42ae45c8b373053cc504731

SHA1
ef523fc56f6566fbc41c7d51d29943e6be976d5e

SHA256
205209facdebf400319dbcb1020f0545d7564b9415c47497528593e344795afd

SHA512
ea4415619720cc1d9fb1bb89a14903bfd1471b89f9c4847df4839084aae573d49b4969d3799ad30ff25b71f6e31f8d9f30701e1240d3cd6a063819c04873f21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\frame_caption.bmp

Filesize
206B

MD5
8641f45594b8d413bf1da25ce59f1207

SHA1
afebb23f5a55d304d028ca9942526b3649cddb52

SHA256
0403ed31d75dcc182dd98f2b603da4c36b6325e9d159cac4371e1448244bb707

SHA512
86a5f959f8462f866466dc706d3ae627b1fb019b8a33ee7fe48e3b69f92bf33dc0f1417c0d5116552b25b488bcb5d9050a33773e6883ebe08410267d95b2353a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\frame_left.bmp

Filesize
66B

MD5
30384472ae83ff8a7336b987292d8349

SHA1
85d3e6cffe47f5a0a4e1a87ac9da729537783cd0

SHA256
f545ec56bc9b690a6b952471669a8316e18274d64e2ebc9e365fcf44363a125a

SHA512
7611f930a0a1089cc5004203ec128c916f0c2aedae3a6fcc2eaffa8cd004dcbf154714e401947921a06896ca77c77daec7f9bda82369aacd3bb666f8a0331963

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\frame_left_inactive.bmp

Filesize
66B

MD5
4b84f29fbce81aab5af97a311d0e51e2

SHA1
60723cf4b91c139661db5ecb0964deca1fc196ea

SHA256
c93be5a7c979c534274fc1a965d26c126efa5d58c14066b14937e5aba3b9eb55

SHA512
775eadccc44fddbd1e0d4231bc90d222f0a9749199e1963449ad20285ea92941a5685cdc12c0cd8c0ef0a21e10bdacaf139e5c69cd5e402cc110679323c23df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\frame_top_left.bmp

Filesize
154B

MD5
1966f4308086a013b8837dddf88f67ad

SHA1
1b66c1b1ad519cad2a273e2e5b2cfd77b8e3a190

SHA256
17b5cd496d98db14e7c9757e38892883c7b378407e1f136889a9921abe040741

SHA512
ec50f92b77bca5117a9a262ba1951e37d6139b838099e1546ab2716c7bafb0fc542ce7f1993a19591c832384df01b722d87bb5a6a010091fc880de6e5cfa6c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\frame_top_mid.bmp

Filesize
66B

MD5
4e0ac65606b6aacd85e11c470ceb4e54

SHA1
3f321e3bbde641b7733b806b9ef262243fb8af3b

SHA256
1d59fe11b3f1951c104f279c1338fc307940268971d016ebe929a9998a5038ee

SHA512
7b28bcb4e76af3b863a7c3390b6cd3316c4631434e1d1e2df8d6e0eb9987a61a4f1a24de59567394e346d45e332403a0817ed0b0b64d7a624dbe48e30db9bb64

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\logo.png

Filesize
58KB

MD5
78b8486b89c4e3d214731ec1d13f466b

SHA1
d2792f1b48698f3c05f7a834c20b6f699e4d5b5c

SHA256
b068891ee9e1496d1da40e521f3d8243adf58910ee44a5feece91e6f9c8615c1

SHA512
e38f2aad280e6a21f042c9b725442ad6845e8a20b6ee121fbb226ee61a1ddcfa774ceb0b1a337f018e798edf5b747f2e154d656eba34396db80ca869c1fd9d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\metrobuttonimage

Filesize
404B

MD5
17368ff7073a6c7c2949d9a8eb743729

SHA1
d770cd409cf1a95908d26a51be8c646cace83e4c

SHA256
16e6e7662f3a204061c18090a64a8679f10bc408be802abd2c7c0e9fe865cbb4

SHA512
cbc3a378335f131d0146e5fe40cea38a741a0754a26304daebfda6f82c394cf0e151654782c6c8c7bbf7c354fcb72a2c66a77a87df528c2a3fa87c88f204059d

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\nextcancelbuttons

Filesize
404B

MD5
583580e2c651f5c230fb3235b7ca0e3b

SHA1
a9bd6aeef43a6f4c0c00d1ecd98a585d7eb0aaa3

SHA256
65172283ee04f2fa18d0e57b21471be2e68017d1f61816aaaa6be070b446346f

SHA512
6c61e6c06c883113a7a0efbd352120354c070f5c17d770b6b821c42cb9d9ca895992842b29b51bd3e569b0c95e93709dd7c1c2a26bcff0ad425079f5302670ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2540\sys_close_normal.png

Filesize
225B

MD5
8ba33e929eb0c016036968b6f137c5fa

SHA1
b563d786bddd6f1c30924da25b71891696346e15

SHA256
bbcac1632131b21d40c80ff9e14156d36366d2e7bb05eed584e9d448497152d5

SHA512
ba3a70757bd0db308e689a56e2f359c4356c5a7dd9e2831f4162ea04381d4bbdbef6335d97a2c55f588c7172e1c2ebf7a3bd481d30871f05e61eea17246a958e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID93A.tmp

Filesize
380KB

MD5
2160822ba37161cbacff695771afa2ed

SHA1
87b5fd899791d245b1ed7eb5a7f0f0e8ec5cf79f

SHA256
6c7fa74530bb1140309ba0803cb240bc3e54e507c4abd790cf2dd49834435bcb

SHA512
061454ee65ad95f19890f7336278a72538a805f565ae80a0fe5eabca546d401eae18cf08c2274733ccc755439b7c8d8925919d0131ec0a28789e6c3bc2614011

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID9F8.tmp

Filesize
860KB

MD5
e922ff8f49a4734f442bcd26b4a05ba8

SHA1
13e0dcc761282b31a9e21118035768cf75145045

SHA256
f2fd2ccb8d8412753ca7aa3d402f29b8280bbd4f7170d53f613e05f742f13a22

SHA512
0d395483f4ac9af3f011990612517641d4e6734e184faa0f17b4525aab729350ad5b9737a1c0f0164ec81775a41fb21dc90b72609a7ab25a37c4d2a19f253a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE141.tmp

Filesize
391KB

MD5
7b344cf64d727aa30d30c79721f90750

SHA1
44de9cd2752fe8971b0bfb78cff40170526031ab

SHA256
95a3515e35c6fea01646a9e392df731bf38d40a4dc52f4292fcfcda9042a46e7

SHA512
cbb0740c25a7d37f8ffc9b40adf23885e07abe60e82ba34b735bb0adad4d82bc9229f12478c089b4dd005a4757007dd0db1b54200a4d8ceef302f20130088419

Download Submit
C:\Users\Admin\AppData\Local\Temp\Office155.exe

Filesize
650KB

MD5
e1719a774dafed6ca894ec6b1d0fd457

SHA1
13651637cf5477d3103410cf9829999285d9eebe

SHA256
78474b2f484a98ec6375e8389adb097afd942181fef9dfc2550f54ece30edcbf

SHA512
38ecde8ec5833c1f3ad207dfe14ff71792632b29c9ee6ea954563243020b755bc1fe8547d54eeb91bc25d7f32f204d891f6c865735af781049741efa15e1baee

Download Submit
C:\Users\Admin\AppData\Local\Temp\URLF9D1.url

Filesize
68B

MD5
38b8e980cbcd862f757ca8f8c37127b1

SHA1
1dd580d8e01ca1fdd57558612ad8dba221abc9aa

SHA256
5964310c78ca9e8d0d91e8b5fe3110c880662eb444dd468fc5eab0fbe207229e

SHA512
e0a9bb8d6f07738114463474448e8736638dc5611942369cd1a47a3b7f7d5e2874c23f6aa4dbd094d666cf9f133d473a00f923f48297e1b06a1847aec88fe409

Download Submit
C:\Users\Admin\AppData\Local\Temp\driverfusionfreesetup.exe

Filesize
27.2MB

MD5
135ce5f33b23823bc4f5726a17274995

SHA1
028cd3a0cf53da5284c117be9ccc9d23aac57fdd

SHA256
b1a5b35572e3060001d9813a126463d564b2e43eea0d3dba658f3ef46f79f680

SHA512
31f7ac2f5154b5c265cf81ab45ea91f6a9dc1d264ca434a1ecb392ec3ea119231abc6742851441108de0e18b40daf375ecca8e97d80287e0cb0aafed4e96d39a

Download Submit
C:\Users\Admin\AppData\Local\Temp\netshare x86_644.exe

Filesize
718KB

MD5
7443707310e3a6b120beb1e61b34d25a

SHA1
1fa6806ee6553931532cc6e2bb49e42d8655734d

SHA256
afe09a1fd24c633424b2ba1aa1df9cc80431c6f9558a48b933063fd18d055fb1

SHA512
37f673558b6d4953f807f18bf14a6a1fde7d39fa3d82c733e98809c7732d30591ac52b17dcb9a80d87418d8b797bec67fa511b1666ad18a5afb276d64f07a721

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC91D.tmp\8x0pq8gq9j.dll

Filesize
669KB

MD5
2064ea94df92b42740c547aa2c610dd1

SHA1
9ad300e310ce27c2a0d94131ca182fd74edb5f62

SHA256
cd43f332905d74b8d8926ae6288888cf843666db0a5b703f2123afbd63c5f2cd

SHA512
607f19c5cc1eb57a1bb81c82aefc84761f532df08c3538140db94b06005163678199e7841e9e78cf457e289ea307f96c78507e948d6bd9137a756e7ff74d3090

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC92D.tmp\7aew68vt0q.dll

Filesize
586KB

MD5
fd826e8cb4ced9c11498351c5d602c35

SHA1
81295b8b5146668e5b1e97ed414cd5807c5b83a4

SHA256
8202d16efc125121e836db33f3a71b265a87740c1407a79b2e6ba796c028a9e8

SHA512
00b2a3c2a392844680819d7106b70e586ff207de9d5c7c90290fbfba72fa4b6e9a5ac59164cc67026e7a1467c69feb2e796440078dcf48e75f61c6ece922b9ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgC96B.tmp\t7f2wc.dll

Filesize
129KB

MD5
0e2d5c75d97e0ea879e12dacbf91a6df

SHA1
a61ffac27eca63ebb0075e842a460e80326a5092

SHA256
d40c71ea25575e573284a6763e5530cfd395b3b75a45db4cff8f7a298e84cc74

SHA512
08acde739b4e1caa22fcdfaab508d2ef3b6db78191b0f4a2cedc1d5c0a1de68fb9d8dff72b8de2e129ef011073abd18bdcbf172a99e862bca76e71c7046bab51

Download Submit
C:\Users\Admin\AppData\Local\Temp\win-tooll.exe

Filesize
177KB

MD5
cb7cac7a65b31662f2116d75d65d010a

SHA1
92869d6a5a06114c2c571fe583d744708b401be4

SHA256
dfcff668b6a257948fd604e9346b570d91d8e1602d8058548d2141f0e7c5ac2b

SHA512
6cf8db0a4a54d0cd6d2c85135173cf520a1b574e111babc42d154325251bf7ef0ba2b4adaa071492adc85039e96204f6893ab7e1f7f526062bde0103869bbc4f

Download Submit
C:\Users\Admin\AppData\Roaming\Treexy\Driver Fusion 9.0.0.1\install\40073A7\setup-free.msi

Filesize
6.0MB

MD5
eef753b9d53cb04360a3c012cc6013dc

SHA1
79567cbd5202303598e77ec296e86e76bb43bdba

SHA256
1cf1b339dfaa725132a1378a1fba96eb12246bbe18f9a56d9c112a70e1c654b3

SHA512
123d309d6af9d127459e566d30114604eeb27f025bdbc6dcb2199e879d0ae71ca7d8fad0e95ef7715d330767b37cb10d19962e039f4156572e4a94b4a6e64449

Download Submit
C:\Users\Admin\AppData\Roaming\Treexy\Driver Fusion 9.0.0.1\install\decoder.dll

Filesize
182KB

MD5
fddee40c512e40f05ed565f1a00e85f1

SHA1
2f0096e7418d19d8df8515f9899e87ca6671b517

SHA256
f7ab1e969edfece0c89bd4d79ce3cc70ff46e460da4d9d90b1ef91f3a0716265

SHA512
6845cb0f841572e7c516b8401eab4aadcdd492613ffb09ccd07ce254d6748ddde4b3b566b3e8fb2ea841c8fd5977d6f1fddaadda81e0f39d8736323e750c8127

Download Submit
memory/100-97-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/4248-54-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4296-105-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/4992-96-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/4992-115-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download