lumma | hxxps://github[.]com/darwin86johnsoneei/Xeno-executor/releases/tag/Release

Analysis

max time kernel
383s
max time network
369s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/darwin86johnsoneei/Xeno-executor/releases/tag/Release

Score

10^/10

lumma microsoft discovery evasion motw persistence phishing privilege_escalation stealer trojan

Malware Config

Extracted

Family

lumma

https://whisperusz.biz/api

https://fraggielek.biz/api

https://grandiouseziu.biz/api

https://littlenotii.biz/api

https://marketlumpe.biz/api

https://nuttyshopr.biz/api

https://punishzement.biz/api

https://spookycappy.biz/api

https://truculengisau.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 20 IoCs

pid	Process
6148	RobloxPlayerInstaller.exe
6712	RobloxPlayerInstaller.exe
876	MicrosoftEdgeWebview2Setup.exe
4996	MicrosoftEdgeUpdate.exe
4412	MicrosoftEdgeUpdate.exe
1480	MicrosoftEdgeUpdate.exe
3836	MicrosoftEdgeUpdateComRegisterShell64.exe
5212	MicrosoftEdgeUpdateComRegisterShell64.exe
1572	MicrosoftEdgeUpdateComRegisterShell64.exe
4048	MicrosoftEdgeUpdate.exe
5756	MicrosoftEdgeUpdate.exe
4972	MicrosoftEdgeUpdate.exe
972	MicrosoftEdgeUpdate.exe
100	MicrosoftEdge_X64_131.0.2903.112.exe
6496	setup.exe
6240	setup.exe
2044	MicrosoftEdgeUpdate.exe
6300	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe

Loads dropped DLL 19 IoCs

pid	Process
4996	MicrosoftEdgeUpdate.exe
4412	MicrosoftEdgeUpdate.exe
1480	MicrosoftEdgeUpdate.exe
3836	MicrosoftEdgeUpdateComRegisterShell64.exe
1480	MicrosoftEdgeUpdate.exe
5212	MicrosoftEdgeUpdateComRegisterShell64.exe
1480	MicrosoftEdgeUpdate.exe
1572	MicrosoftEdgeUpdateComRegisterShell64.exe
1480	MicrosoftEdgeUpdate.exe
4048	MicrosoftEdgeUpdate.exe
5756	MicrosoftEdgeUpdate.exe
4972	MicrosoftEdgeUpdate.exe
4972	MicrosoftEdgeUpdate.exe
5756	MicrosoftEdgeUpdate.exe
972	MicrosoftEdgeUpdate.exe
2044	MicrosoftEdgeUpdate.exe
6300	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
557	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs

pid	Process
6300	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 54 IoCs

pid	Process
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
6300	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 6028 set thread context of 3408	6028	Xeno-executor.exe	125
PID 5456 set thread context of 6260	5456	Xeno-executor.exe	226
PID 4956 set thread context of 1988	4956	Xeno-executor.exe	244
PID 404 set thread context of 184	404	Xeno-executor.exe	256
PID 5368 set thread context of 5820	5368	Xeno-executor.exe	262

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Settings\Radial\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\configs\CrossExpVoicePatchConfig\CrossExpVoicePatchConfig.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\TerrainTools\mt_add.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Controls\shift.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\DeveloperFramework\checkbox_unchecked_hover_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\PdfPreview\PdfPreviewHandler.dll	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Controls\DesignSystem\ButtonL3.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\ScreenshotHud\Camera.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU10B6.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Trust Protection Lists\Mu\Advertising	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Trust Protection Lists\Sigma\Analytics	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\identity_proxy\win10\identity_helper.Sparse.Dev.msix	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\TextureViewer\refresh_dark_theme.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\avatar\heads\headM.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\MaterialManager\Gradient_LT.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaChat\icons\ic-clear-gray.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\StudioSharedUI\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\VoiceChat\RedSpeakerDark\Unmuted80.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\ug.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Controls\PlayStationController\PS5\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaApp\dropdown\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\configs\DateTimeLocaleConfigs\en-us.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\AnimationEditor\btn_delete.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\Debugger\Stop.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\RoactStudioWidgets\slider_bar_background_light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\AvatarEditorImages\Stretch\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\CompositorDebugger\dot.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Lobby\Buttons\scroll_down.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\common\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\api-ms-win-crt-process-l1-1-0.dll	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\TagEditor\TagEditorPluginIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Chat\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\Gamepad\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-online.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\AnimationEditor\Button_Curve_Darkmode.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\PluginManagement\allowed.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Controls\XboxController\ButtonRS.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\es-419.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\MaterialGenerator\Copy_16x16.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\StudioToolbox\AssetConfig\marketplace.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\Vehicle\SpeedBarBKG.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\TagEditor\Close.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\InGameMenu\WhiteSquare.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\MenuBar\dropdown-arrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\content\textures\ui\VoiceChat\SpeakerDark\Unmuted20.png	RobloxPlayerInstaller.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
5264	6028	WerFault.exe	122
4956	5456	WerFault.exe	224
6624	4956	WerFault.exe	242
1420	404	WerFault.exe	254
3988	5368	WerFault.exe	259

System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xeno-executor.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4048	MicrosoftEdgeUpdate.exe
972	MicrosoftEdgeUpdate.exe
2044	MicrosoftEdgeUpdate.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "ServiceModule"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ELEVATION	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "Update3COMClass"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "ServiceModule"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ELEVATION	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdate.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 383919.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 635222.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 915143.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 204704.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
1056	msedge.exe
1056	msedge.exe
2268	identity_helper.exe
2268	identity_helper.exe
4312	msedge.exe
4312	msedge.exe
5128	msedge.exe
5128	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
2580	msedge.exe
2580	msedge.exe
6712	RobloxPlayerInstaller.exe
6712	RobloxPlayerInstaller.exe
4996	MicrosoftEdgeUpdate.exe
4996	MicrosoftEdgeUpdate.exe
4996	MicrosoftEdgeUpdate.exe
4996	MicrosoftEdgeUpdate.exe
4996	MicrosoftEdgeUpdate.exe
4996	MicrosoftEdgeUpdate.exe
6300	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4972	msedge.exe
4972	msedge.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: 33	5912	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5912	AUDIODG.EXE
Token: SeDebugPrivilege	4996	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	4996	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	4436	taskmgr.exe
Token: SeSystemProfilePrivilege	4436	taskmgr.exe
Token: SeCreateGlobalPrivilege	4436	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe
4436	taskmgr.exe

Suspicious use of UnmapMainImage 3 IoCs

pid	Process
6300	RobloxPlayerBeta.exe
2228	RobloxPlayerBeta.exe
5492	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 840	1056	msedge.exe	82
PID 1056 wrote to memory of 840	1056	msedge.exe	82
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3864	1056	msedge.exe	84
PID 1056 wrote to memory of 3084	1056	msedge.exe	85
PID 1056 wrote to memory of 3084	1056	msedge.exe	85
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86
PID 1056 wrote to memory of 2296	1056	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/darwin86johnsoneei/Xeno-executor/releases/tag/Release
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13cc46f8,0x7ffc13cc4708,0x7ffc13cc4718
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9268 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9696 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9732 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9948 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10220 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10420 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9928 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9992 /prefetch:1
  2⤵
  PID:6340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10636 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1
  2⤵
  PID:7004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10524 /prefetch:8
  2⤵
  PID:7144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10156 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
  2⤵
  PID:7112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10764 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10700 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11204 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11260 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:6880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11248 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:1
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10684 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11624 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11460 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11832 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11472 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11092 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11408 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12304 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12176 /prefetch:8
  2⤵
  PID:6700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12232 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11528 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9876 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12472 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11916 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11888 /prefetch:8
  2⤵
  PID:6412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:6148
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6712
- - C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:876
  - - C:\Program Files (x86)\Microsoft\Temp\EU10B6.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU10B6.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4996
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4412
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1480
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3836
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5212
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1572
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Mzg4QTA2MjQtNDgxNC00M0U4LUEwRkQtMEExNkMyM0JGQjIxfSIgdXNlcmlkPSJ7QTAxRkYxQzItMkVFMi00QUI0LUFENkUtREU4NEI0M0M0NDg4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1N0M3OTlENy0wQUE5LTRBNkMtODdBNi04ODdFODk0NEYxOEV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MDQ2NDU5NjcwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMyIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:4048
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{388A0624-4814-43E8-A0FD-0A16C23BFB21}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5756
- - C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 6712
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9152 /prefetch:8
  2⤵
  PID:6392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2165427273722200523,4364452026784379468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2716 /prefetch:2
  2⤵
  PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5348

C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
"C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:6028
- C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
  "C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3408
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 792
  2⤵
  - Program crash
  PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6028 -ip 6028
1⤵
PID:4792

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x48c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5912

C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
"C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5456
- C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
  "C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6260
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 776
  2⤵
  - Program crash
  PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5456 -ip 5456
1⤵
PID:6328

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4972
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Mzg4QTA2MjQtNDgxNC00M0U4LUEwRkQtMEExNkMyM0JGQjIxfSIgdXNlcmlkPSJ7QTAxRkYxQzItMkVFMi00QUI0LUFENkUtREU4NEI0M0M0NDg4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFOTBFNkMwQy02MDlGLTQyODQtQTQwQy1GRUZDQjE1MzdGNTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwNTIyMDk2MjUiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:972
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{44A4FC39-354A-4D10-9F65-F116BD8E3A2D}\MicrosoftEdge_X64_131.0.2903.112.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{44A4FC39-354A-4D10-9F65-F116BD8E3A2D}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:100
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{44A4FC39-354A-4D10-9F65-F116BD8E3A2D}\EDGEMITMP_55E31.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{44A4FC39-354A-4D10-9F65-F116BD8E3A2D}\EDGEMITMP_55E31.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{44A4FC39-354A-4D10-9F65-F116BD8E3A2D}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:6496
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{44A4FC39-354A-4D10-9F65-F116BD8E3A2D}\EDGEMITMP_55E31.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{44A4FC39-354A-4D10-9F65-F116BD8E3A2D}\EDGEMITMP_55E31.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{44A4FC39-354A-4D10-9F65-F116BD8E3A2D}\EDGEMITMP_55E31.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x220,0x224,0x228,0x21c,0x22c,0x7ff632a92918,0x7ff632a92924,0x7ff632a92930
      4⤵
      Executes dropped EXE
      PID:6240
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7Mzg4QTA2MjQtNDgxNC00M0U4LUEwRkQtMEExNkMyM0JGQjIxfSIgdXNlcmlkPSJ7QTAxRkYxQzItMkVFMi00QUI0LUFENkUtREU4NEI0M0M0NDg4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5RjIwMDA4NS01NkQyLTRFRTMtQUUwMC05NUNGQUEzODREOUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy4xMTIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwNTk4Mzk3NTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MDU5ODc5OTIzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzM5MzE2OTY3MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvN2Q5Y2Q5M2MtMWQ1ZS00NDliLTlhZDctZjFlOGQ2YjkwNTA5P1AxPTE3MzcxNTc3MTQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9ZXNMME0wN3JGOExGR29xc1JzYzJYdWxadEU2ZlRra0Jrak5CTTVFTHQ4dHpOSnVUTWV1UzJXWVNWRkhlb25EZVUwZ3ZCcTJHUnJtb0RqTFFtaUZHNkElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzY4NzA5NzYiIHRvdGFsPSIxNzY4NzA5NzYiIGRvd25sb2FkX3RpbWVfbXM9IjI2ODczIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzM5MzQzOTY1MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0MDg0Mzk3NjYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwMjcwNjk3MTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIyOTkiIGRvd25sb2FkX3RpbWVfbXM9IjMzMzQ3IiBkb3dubG9hZGVkPSIxNzY4NzA5NzYiIHRvdGFsPSIxNzY4NzA5NzYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYxODU4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2044

C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
"C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4956
- C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
  "C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 768
  2⤵
  - Program crash
  PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4956 -ip 4956
1⤵
PID:6132

C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2228

C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
"C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:404
- C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
  "C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 228
  2⤵
  - Program crash
  PID:1420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 404 -ip 404
1⤵
PID:5364

C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
"C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5368
- C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe
  "C:\Users\Admin\Downloads\Xeno-executor\Xeno-executor.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 776
  2⤵
  - Program crash
  PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5368 -ip 5368
1⤵
PID:1164

C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-37cf60402a5648b4\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5492

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Installer\setup.exe

Filesize
6.6MB

MD5
f0dc48bc6e1b1a2b0b15c769d4c01835

SHA1
66c1ba4912ae18b18e2ae33830a6ba0939bb9ef1

SHA256
7ada85f31a3b501eaecd2aa37b8df1f74b470b355279b5db2d1fbc0bb7de4889

SHA512
d2ceeaf987446f7463e84a6286dc1c8f50a80466af641f77d174826189ff5a56b048e616ad8d97ddb12a2f68e182af80309be717367224605c06dcf74a84cc0f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.2MB

MD5
673f7c90ed7046c1403b3ef6d77a706c

SHA1
e559e39d49b5bfb9c20285dde82159f61fc5a65f

SHA256
bbdf25dee8c741b498e59f8588e2a64c73b012d632b033a5e7c74290f12d3a34

SHA512
441ad8f5169d04f1414e7e8f91d5a894258efd09c115c7bef6eac6b2c07f7dc3323ad6e69400b5c2efac776a1d1b5bce1884471f4d5ebbc65e131a2fa55fada2

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
bb7e1053d9958cadcb58a7187e9d4cee

SHA1
63a66144e1462b2a9aabfddbd3ccbdf78c724858

SHA256
903eba26c2df3bc3e9049459d21fdf2aa0387058df59396a838e163aa13a6acf

SHA512
29c728f3c5e16dce2270240cc3007f2372288333b2134f40d283f6205c24bb02dde2f7b18d4a372d92ac69b0c413c1a3574ace57978b452d370ee99d63a0c800

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
95KB

MD5
97b01ff822a5ce5a0e93b993b51ad04c

SHA1
082e1f5444ee6384656140b98ef926ed3cba65ac

SHA256
9622eb6111725e1abc1ef0ad62868c96059eb3fa82cbda169191f8ce6e80f86b

SHA512
6924975d85d89cf96474e7bb66974f2a078532b116d9b325a1fe60844fdbb3220aafb0162a53c1696239e2cbb31ab6fd1c69d5daf6758fff7fc4ad39aa31488a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\72c0a684-906c-46d3-931b-a28637206257.tmp

Filesize
22KB

MD5
e0ceb16c0735fe434c57b41b918ed8a2

SHA1
ff2025a094c6d48e987112ce042ffed55b84a6e4

SHA256
f552628947cbfaaad3d93914b48cfd7a4321952cc282fd8c0202fd4bb23749e8

SHA512
9578608342565fb6997207e1c201adaa4c300f6311336c781a6697ee84ffa71da2fb37ea1b2353f44b5fce6c21da1cc454f02dcb2709f873be40b65e47a601a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7

Filesize
31KB

MD5
00bd4556d9672009a7cce0eb5605fd1d

SHA1
e6aa062aa34cd745dbaa2b0fb851511a5ea734dc

SHA256
11e4340eefdc92053fa38149176a0c17f55472b8fd3897426a76050aedcb8621

SHA512
34f87481e0cfbab27750b392d885092bcd6e11796745b5ef7f39e9564b8d29d169cf8d72795e45745c366c18057d02120726951d2729c699bc60e6518499536e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2

Filesize
32KB

MD5
7cc9b78226acb93f406eb1e4e17d4d5a

SHA1
8edf2712deade134ce6bd42fc8ee70eb68891656

SHA256
45afa895ac254a15f8928733b5c07204aee680dfc3f0b3a1e87da9430dd99ef7

SHA512
4dbd56f013826532e5ce24410fce357abeecec07e4d525cea627e911e96842ff0fa3a8848f8695a6476aef4c343601451a69d53e0469eb388e753956f94723cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d9

Filesize
99KB

MD5
6a5b179b8b992d08d375ab2b81ce5ac4

SHA1
ae7e1752051a423a2f6dbabfaf519dc552fb7719

SHA256
c29b9c295c8198264838e65e9a16c6afda7ef1082e0fd7fe56ea6f0a3a5088cb

SHA512
0fc813d681b62964c268e47eb46bbc203dbf9f3037ae7e70b59e28eb6d2c468329f0eff1b7e8c82edc789868755098455d463cff926f8bac075318fa10a6d23b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000df

Filesize
84KB

MD5
dfaa47f2bc919b6c6fc50678c54bf381

SHA1
0ed30b7d3fb50e10e12daff0dbefaab676da9b38

SHA256
8fa09473a82a6863f8000dd67c5dcee04c9a20d489633df6ede56d7ca15f18cd

SHA512
ce01781421e26f5b4fda7b79d1ff7a580fb6444e0737568c21ae854f0911487f44881ae7bdef3502f9148199b261c0e8a7f9a50cce69fceb14795ebf5ac2deb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f1

Filesize
20KB

MD5
bf19963f072b61208a423c95d2b0dbb2

SHA1
7b39999fbfdfc5f646c47e07eddff767a8f77057

SHA256
cc731c3775c0ab17bb6d658c01591c6aa240fc0fd4ef4872792389020f1ddc8c

SHA512
49ad4dd456ee69f86de1ef6dc6b8c48bf9e6652e0df7e3370ddf944867c7b416d3e7e3703f01831cafa845270f0af6a1b088b897afc6a48c67477c424fa6cbee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f2

Filesize
21KB

MD5
2481ac6525d99c8aa045e0cdf9b02ef0

SHA1
e86df3a0d0f37d6cf98c892831933fc456963b4a

SHA256
3d90de223cef2364a53fff7e299f385d48605c4eaec5b168cd067882ebeb6018

SHA512
76d76e6b53f7665c1feddf9feba806e75f793948f1e5500dbcd3a3023f03ebf726982ee70e4dcc7e4e1b01cad14aeec28349de08abc8d09a58ab0f644b25c860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

Filesize
62KB

MD5
35fe37e08d59a3191e5937bbf348e528

SHA1
64555d7ba585935ad7031b1dcd85e32d665c5e19

SHA256
e0050b274222e7bbe0d963be219a27e4a47fddcf1a72da32f744a04eccf91615

SHA512
ef3b2acc746dc86ce4e9d075c133e0b65277c14c6347526e25ad5ede7a0f9403478a5fc6a2a19babea02012b5770de1b7484e68c1dec64502d362f8197289f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fb

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ff

Filesize
20KB

MD5
6408c37d09ecb7370b4d61ea51a15ad0

SHA1
8fa447851c7db6c2a4e20a13d769ed926daee5d5

SHA256
38c4bb35d2dc312b0e82bf8c5098495fd12d73029dedb6014c8f3ead635e641e

SHA512
5436d6204625fcc424989776d5ceb7fbbe286bd37bf077967289ce336ecea0e1db85f064d51d4a18877cd96be0d20557c682bbf2ccc6e34d6e096557aa357311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000100

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\322393eaf7fdc4f8_0

Filesize
227B

MD5
c014cbc244903aa821bb0c43a9587d7c

SHA1
89cd2d4b07c272b5b7ce9e0f354c5c38c64a586a

SHA256
d35093729b9bddff870a1650fda65fc8c6b025d0bc03414d3a3af538dbe816ae

SHA512
684c8b058cdde8804e75896d11df17b437867d69785df13a217fd65123d89a49b5e20edb6139b57cd1a30fbc06a3cfbeb1b59bb2b92c9469a3fe4571c292dfe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b462c854d9515429_0

Filesize
228B

MD5
1b8973a7cc8fae88b736046d6746710a

SHA1
8d55230895f73d03aa4d9e4af6dd88dd098c0ef7

SHA256
1a3b55a398cc1894c89e42ddd50ae704980fc8fb07f4b029a450bc510a19a197

SHA512
58073fa48ba39b982762a1af3379365e58714962eb566964c296987e83e3dbeb177e71c58f769c9dbba696d21e5cefd9b75ef58aa41ce24375b42d91fc202f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
7KB

MD5
7ee264d86fcb337677d46e2d6afd690f

SHA1
857d7bba188081f2a93019cff1258c90b1f1b50b

SHA256
8ea83ec814fadc869a0c12e62886766121c53dc71e3584d1bb977c90ab8153ed

SHA512
ba4b823e919174c328e0513ce1e1a436dcbf39b049449ea90a050af3ea31e415aa007194957146da4e62ae7435fe515c84dc10d487ea1f095744110d6c7532f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
678490024ba998426b515b2643c4db56

SHA1
57299cd6dbd36bec53bb0a842946565ae17422b1

SHA256
a3b05a1c10851cb4cdf761a6c4409f4bab6fc6ff1721d087bba0a56835d614ff

SHA512
01a47a800325d8e3c9db4b272e9109d726002f85dd8290843936365e78c42a79d20bbd94d0cd3b64bc5dac713d21d27a776b7cc22bb75b0abafc5ce5dda7b52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
13KB

MD5
9701b1de39e4eec7bb5b5de58f505447

SHA1
2a8754b7a550d84754e2f6f4584bbf691ef96767

SHA256
d5833d3cf69c821ae5e4323c82354fd10712cb8630bee17c2c8696cf5df1b0ab

SHA512
0cedf75b794511f1b2fc7f29d0d5650439eb37017892058ad2d09c0567980bf889c5eb123d416a7d48e137f9a05e3348c4ceb61a211a585102c50808322a8409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
13KB

MD5
51549cca033247a1a19241bbd84cdd43

SHA1
c04c5d146e6dc475addd6026b5bea4bd1bbc87ac

SHA256
b190f5ac341acad658fafaf0a6b0198e762e36232953ac9a3ea269b4019f0500

SHA512
99762b2c33ad5d6bae730384c0e3ff100d51987c814b3b7caa109c68cfc6032869bd7cee96a4cb5da603c6e998978c9da52afa503704ccf633c9201f6768da4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
685a519037b0816a9adf70ed361fadc5

SHA1
0135a9b122777fea4f2300fb1bf52d91861a68f7

SHA256
f7226182d18d916f386ec90c8f6538fdac7f59f0452c40ebf35c6a3209f0e794

SHA512
af28fd4ac8690aa1c73cc7bc4e62752486bb962aa72b5829ccce85a50a0e8d13038065403773c5ffbdd38d807804398a87cfe1ebe1a33df7cfad59ef120104b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fc022ba9f83c87a6efcc2330e984526e

SHA1
1f2b9ab0e689cf5dc77e97864960e67e66b4045f

SHA256
e25925966314f95b335def538e673a227e5d9dd44941733efc8d816f39ecbb63

SHA512
d6ae5e68fdbbf0eab97feb3a0607c1e2e8af1010c0b2de250580c82cea44890da9f762688933dbf82bb185cbeb65542424279c79d823866a98e383ff3357962d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
bcd32d46f960ed89acd7a1b7ed113c9e

SHA1
5496bf90e0a98b32650fb6e8fd8b9efe412044de

SHA256
d7ea5a0108129bb6c15b6cdfb28a75090f9b467d8fe805f5095978f329e6d3f2

SHA512
512671926b20fc5bd82e944cc4066e428eae5876a4465f3a889a6019dd8679bff2cbb6040d6d93c1a0f8b1cba06f4421bdc7040b0905ede3ebbfa1fc07ea1739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
24KB

MD5
247555e8fbe211e7c91c8ce36b649492

SHA1
9a1c6c797be787bdd336665464732a1230463aa7

SHA256
7075fa8a6c090f86243b306f5d16a1a0a08297d74f910ea8cbdc0f3ce6b5fc11

SHA512
03fedcd109294ad21d9c82500b91e7b8cdd3684d03be5cc27d781d5794b0152c8e45047d8536711f1ea2e0ff9b18a3f021d22eb46890c8c9d4402c815d330799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6e363b0cd547453ee1b492ebfc047c1

SHA1
1c44e8c2c8610bd445df1868105c46d903ab6479

SHA256
323df16077e2142877c7a0966edd58b8a9d29f8f9016b8a204ccb21a8a647b81

SHA512
bea37a19477173ad50406d31807bfb7e8bbccbacbd75a343c88116df06b3d5ab27e7efc99f0a12010a932c2ea5133dd561cc40c0dbb160a9e20042aef1658596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
647ccc7d32cafcb7c9d44a137b424200

SHA1
84a65b780d1ad12fe9429a1950c7de8c7a8becaf

SHA256
0c0fedda696350e79dea3230de205466b3434220db323e4ecbc266491f7f50df

SHA512
49b373748c40131fef60f97f6bd09d2a650ef0d3e53205a22f985534c00e6e2cd1b16ca34ea1f430a40204362f3f6147e894a4ab3b3e2b7fe0872232baf392b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c7f6f62e7e6528fa26562028de70cfb0

SHA1
e9d3393897e1f1d0ad7fd9d0ae41535ca5f889d0

SHA256
4bc41a72d21c79ff29cadf12613a9762af839e2ddc387fa302904980389d703a

SHA512
ca96cce154342a125e6c1cb8730c312383728c94af7f420204c91a2bd44962ff68da91902385d7fe3a9dcbaa8271f0b3207de69106a16c4e0cad5c6b424f3087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b637ae454e1191c2afcff3975a399f5

SHA1
598d2816228e2d944f33420d84db33b07a241215

SHA256
57d836648169150da045e94bb9a054955aad3a82e40fcda9acbac5eda47c4b7a

SHA512
1c1d9c65a996471308fa22d67e2f216147207293d77f2b3c8d5c51fa36c22a827007c91250822b386c3bd2afd24591e282ab3ac1a857f25bb0e44352ebe7b71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2094921529bff8273273f6a28dc5b76d

SHA1
4c46f54395f9382027cf648d1d33caf75cce2026

SHA256
c9c237d9c441c42b879ea324f76a47edea9369d1e8396a008c8f7456c49ce6dc

SHA512
b076997d1f5e72c87fcba71320b1e1e2b487b7ff3e0aa9e27d8e26e345491e2c6c2b67e8e09a256d01c2d0ccb4f7cfe550dfc30c0d776b55bbf8c49dd6609319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
6eebd7bae92a8e9950cfa07bf8773307

SHA1
723a0644af086ab2be378a7836c52b2b42a897cf

SHA256
3403e41227a3842045f0b999654c323466e166d660bfc94a91572c3351b1873e

SHA512
1db9d5d487c15bdf40c9b7cee8b316b891f1173e39a0a680d7e13df64fcd5581943e2d806ea4c15d0117bbc658db41c39431f4c1817d90d4259cfb663bc6bb2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
682c402184e83d3846f9fb4a1efb70ce

SHA1
cb0923640664e402be2ea4a79172e1f811e1f403

SHA256
0d9165c0ef44bb52bb866f919720f34418ab66b98800b7c8167cb3a7755a532e

SHA512
864c5ead4d3541c3d83bd602190db7ef6e014431552036e828077a428168fa5c098b28123cd0e4fc65b0c3f72c240f98170263c4256b5bdf4b9285bf4e42ff95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d851631168009f0e90fc84fae88c6361

SHA1
92fdc0ed95d9807c48136845f0a5228cb7d6f5d5

SHA256
10151364b904a1d958f46961ce40278056731c9a1619562327a0d9708e27643d

SHA512
daf184206ee42db8678a9371990dd8c589d05f0a0acd1be12224ceb0c7dd7a1d1069e8e591bb257a627fc529ffac40946db9c2ca1d7831486521b9bc32646062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65cef99771c2a5833a10caed8a552f06

SHA1
9bc6b1569ff60f9f44bd75c95f9308de3e1edc39

SHA256
f9c90e34bb4a6c19830c8eab983d8a2264e51ac8816063c53c0c54dd8ae97c8b

SHA512
48869f60567fb8ac37fadb712207cf31d02f1c5eb55ef9fb06898c0e8e4a49f555cb61aa3623b4f3d56a3293755fd7efa1534df6e690042a1ca577b9450a8e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf5a49caf025805f4c5fd7e999d02290

SHA1
c2ce7fa7c0362354466709fbfa4d35b057ca2bcf

SHA256
9be6cf4b139160446ae699a7738b30e0187ed6397d5c08051293f4da3c6746e0

SHA512
0e925985ac5e73a3552cd449626e17a6df647649f20dcf67bbfd0a22da19860b9b1fe8a61e8480e69ca7021aa59bca4e1486c0a5902b4f1150aabd12c5f2b196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
d4b9ddabf40adee13697be3a5c03cee1

SHA1
58c6e1bb149312f8db46b62aab064aa220d59bbc

SHA256
aa0961eed039728cc5c63ace877c37c33474d38eade19ba93ee75f600c896cfe

SHA512
184753112dd9140da94d228c5256790c74bf35421b440ed695a7339ed18e143a6f9205a2841002ae2a00a958a9d1cbacb7b47a708e553603d2d4e5cbb7c8bc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ffbaea2f778edd7500f7c558dc485746

SHA1
37b36fd967232a1da7e925f1d632ea65354d8e0a

SHA256
3eb0671e6a252e6d1cf622a15b4edb49c274494d5321ce02d495ffc5a078ace5

SHA512
dcb335392f308ba0754f8a234f378c8b9d2b88eacf85e89be7b10ae21ce2960e959d66f52316578058e096935f7fabae2f63e39fc176f477f4ee8fcbd543f59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
7e9e8a7eaaf5a8356ea1be28d4f1ee23

SHA1
884679d1a15b430452a68d3d54255bfeec9aeef6

SHA256
5ff33bb9f13d8df3dc0546c5d0f8c432e8d36b58444165808ad07b22c83753f9

SHA512
7a7fe1c085eedba3cffac8c4739ab3ba9fdfbdb27f0cfbb6413f6a2cb39752708906561bf9bfc63fb7e2732c6d8c1b12dd262be050379a3f73c33bbc97fd4b5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b8a5789a53936579a53af78097c0403e

SHA1
0016b3c198a0ccae24802f0c405a98193ebc9509

SHA256
f02f876e25a42a90d451b273afc5c87531ccee04fc0a9f703804a88b6ea3df24

SHA512
90eb3b809f168858012a5a5d5d3371aea82acbba1a6d9e0dfd5ed87d799fccd54c2917d7c99dab6797bd3543af5cb7a2372d28da4009845f5ac2f371c04962d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d60f42e6404a930a81f7fbbf1d5d8d4d

SHA1
b9435f51fdd8851558f628ffb459088ce1a165bd

SHA256
38431d4d728194272a48315fc9c558765b57ac440789a0afac1adf2ca7e7fe80

SHA512
859161a8b44b92f109384d31263527947ea87d410859ff5a6af0bfb0e2239e29c9e5dc1e971b84180c9c3b8ea3c611b54c8a56d0dbc91cc490e972f5735f90c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a29a1.TMP

Filesize
48B

MD5
63d5fcf3dbec33cf0f85b2d05e460672

SHA1
b940f6c57de3eb141a3c4628d383f0b50b3653cf

SHA256
5e948e291dc791e8b5afa077b0e91c826ef6d41b2ef4d0b2d6d56be6545254c4

SHA512
b1f878af5a67b76e8dce836946deb29efabfea136f845de0fdc046e5494e89c48941c6fa98d18126748f741be3b14ac67484c968a18fadd28c997e0113d82cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3640e5b4cb7efaf94ceab93be7aed79c

SHA1
2f31ad9f4fb556978c59d58cc64cd694e5b58dd2

SHA256
c2f9508ed6794f9644cc26a826cbfda3924ef69383802cb12cef26ddf9cbeb0b

SHA512
fde9eb86f2d3b05084116e6250438517cc68c763b986677de764a0fa7426deb4fe9eb985beba578286aa6ef7dbc9e86c603b6b3fa2b41654f71decec3d68bed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7aef7039b2f08fd347d975732c3ff37f

SHA1
c5df47533f1bcbcd8db6abbe34fcf888298624f5

SHA256
e6a6a3464aa146721908d3e7bb2fbb878f4147127bba346d6e327df1806d323d

SHA512
47669006c4b4f6930d0fb798771415f6744a2e6b8eb7e2016cec791a410f90c5e50a19c7f60122897d6d8ca7b40cafb3d609fe58d6290aad2667e3755c50c3f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a617571540f9b4efc5a4dadacd4dd114

SHA1
ffacff8d3322215740faa75a4a4167b693c04b47

SHA256
552b3ec56b9f88f041b705fb8158f5af84bdf39517b1f283a9d30cd2f697d04f

SHA512
4791577059ae6dc5b7a2621cc9b4e6d9b19c016a62de53a70bcafe2a0611c9bb3c8ea160409ee49ca646dd9c1f76b04645a621a688eda7726eb838ccd59f027b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
40d1a7e3c8a0667434a406374a6643be

SHA1
5d30fb5c67692f8044e641465a6c366020d8e04f

SHA256
664b29d765fc122e86ea677da6102f4c65402a7d11775199b9611d8ac6502ad1

SHA512
5f91f402f122a003f2d0d0dda35be22c9b6e0e4fffe4e02d33135ddd61d384cb362954a764b6486beff91ad918cde3737c676d0cd6fcd0a3b691c3dbb7ae84a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
5244d63c928620f6300309adf9d3bbe6

SHA1
d435de4335ec855b046d00821a26f7df6c55393d

SHA256
fc9a46656591ad6d7325158af41e83d1120d453b1192d191a578a4e1d058f76c

SHA512
fcc0c2260f90f3b254df751d7539809abc48fec921a4b504cb95b8a3b68ddaaf523fb10047fadb734f91e760d92e9af1300cbefa4338556938ae288a6717d213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f6f10a8522b33e5494683d9b7e1d3c73

SHA1
6a65d2b3fef473763eecf853322d13eec9ccedc5

SHA256
2fa559c90890265876ec7602c45ff37c0197b2f3e3da47deb803d5fad4da2fdb

SHA512
68d2ddb9e479754e2ed039b6980f1728932755a912d9b366e841a6d6960af661e53b106dc1add7217c8ce506d4d51ab24e951b918d727e49974194c30e98d0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
73eb25b69c10ed00c5c27215209ada33

SHA1
ece575f336480e62afd394ef77ec5f1af17fca8a

SHA256
d21759082eec7cdf9879c84e159eaa8f8a13fd065b7af09710e86d4b43dc6c43

SHA512
ed3a0c6821d611ccd27f07aace1e81a3a8966d07484c77249899cddbad715321359e62d399ce8b97bf573222109f1e40c486653d2bc0b684754d63d2aceeadd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
59751b963d20af9625909f479b7c175e

SHA1
acc94f6ee42f81eb24ee079cac169159ea0b18a2

SHA256
7440431d5ca9db6064c0fca8fd7bacc7f30bb0fbb374dedb44502b6ac25acf31

SHA512
95dd50a934c8aa34ba9c62e03376ae9f401feab8df6baa5fc6d71207fe19d228b206af256c8dd08572576b2f423362b43750156f45ca41519572e3d7d1602143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
a2052ca4bc92467c60a8a8a4e8676d2d

SHA1
5f87a6dc402e92f5e340a90a27b2987eb5245869

SHA256
e4a946247f778db2d87ec8b04224960683f735cd06d46278c0ed23f9c886fd3f

SHA512
c83a9cacdfbb72b795b604352601640668a3513f984322e8a9007f19a859b94ef75bce750ad55afa8af2facf6d4c2f8c8b381e249f54a405a68e5e377bab9c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
53fe5ec8a56075122116f980fe1c5ff1

SHA1
79c93f76dc97f9f2136ef4312d7bcc560b1e0703

SHA256
0ad9067f058fe400758a0ae7777c0dd14effc40d3563fed5025da574e5e68a4b

SHA512
7f750696d4fd0ca9b7862f6a709e93682330673f960a1d5619f6383862bbde72748a2bc93d2cccddb9b068343b6b4885ff827931b44a3bf7cb292ab2538918af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
84011a4fd4c9e05b678cfa021f82aff8

SHA1
e633b3904f1b66e7766a33bff08237553493896a

SHA256
f3169733d705fdb8b290f43e22a43432a36ced395f08b4be65f402435d923602

SHA512
9f1ca2d031e4a1764403ec077c654ab479d65c9efb165a3bd45f3632a9044e32410047f1e1ccb10a18bc9423ee396fd0c64903dedf87b2c9a751814017817db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
c57462ccb166657d90026147a99505a6

SHA1
2b956987b2d4ec49ae8bd737b2f119dcad02f03d

SHA256
e01558b369f6fbe451c985c9d159798cca61b4dadba82a4a6e7da329adf30541

SHA512
3cb95905c5715c0abfd097f82652161daa550bb55bcc43c62ccce44b84f5568d2c5b6997d60e8272a6e8a213d2aefc68e0c50c651729e4684c67dbd5fbcd1937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f9cf93c2a611068e6d08efc808b0cd4

SHA1
9411b102b2683a2109775ded8edf31be5da46e4a

SHA256
1ff3851d61c8b873d579de7e20c5f6ab6c05e86cf98e6ed57aae893392683c29

SHA512
c446fa19ecf4e5541774d0ee09c20a027fc5cb9a93f90fa6ae07eec8c2ab38dfc2a3c31c82468a3007e26a87b6f6b55111eb4e11e4912fe492d5a8435f4dbd50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b05.TMP

Filesize
1KB

MD5
598dfa3795910aa589bd459b0084008e

SHA1
f16221def705f0e9e79c89878cb1aa5af7c6d2cd

SHA256
ea43cf37522bf6748fdd26b12ef3f846064246d53b02167aacc29d167c819c61

SHA512
2ce6d543352ce2ace773ed84b325a6b44895fa4ff205ce307a06f6cbaa9e1efa49bda1078547ecbc45f1077965d7f88d706ec3b3f9aac51f09041c816778f149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ce8d3bd8c6a43b3f8cd46783fd7aa74

SHA1
d2f3a8290c0a4af831454459c85845a253d95f4b

SHA256
6643804c8e7b9a5bc9046869dd6ff5a8a716c4ecd120bc191358042565e64021

SHA512
365eee443dc271025f5d836c9237a696c7e467b4778297ee9c818a919e34865d40cc19e81271c3b1eddf3388175c8289a0b834747732a2761a3ae41fca0b06f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bacae169ef8107c0d9eeb606664206bb

SHA1
c3a263b8d77a28177d9c386db14201d5aed906d2

SHA256
95309c8c659b2485dedfbd34b2432800371a320ff7fa857ecfe65e34b7368774

SHA512
9889f477916cf9884c055b55a03a9926dfc9c056a0d618afa6ea39086f1312c7982a8b909a83ec2dac2a365b4f14c28031d199cb0f46d48e174a42526ff7599b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f5837c4c1fd29e8aaa16b9b56081e20

SHA1
2fd245f932b1d26b39886f75b3ab20e0f9f96834

SHA256
10fffa411d45cee019201901da7714ef60ab84de2c9be0f0d207cad2786d6f88

SHA512
77359a2212090c013754d20ec75ba340dcb8ed8b007501b97995cd0ce8d7045faa6fe49be2487bcce7d38152b097f7644e6c6366c0ec53d9d94dcd1b8eee4354

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
7.3MB

MD5
b825df864798d040bcf9f2dae2974eb4

SHA1
99ac3a6e30188e67182350d16ec3785d2a5d435d

SHA256
c0b8cf766a5b45144861e78ccc213b1732dccd0932daf611963eb98512a7e7de

SHA512
3e486aae5f12bc0dcc2b2005c5c110d6b98c13b71a028a7ba1a60891a579a8713bc33472702569cde7d3786b2cb96dbf3a74596175d1b72ba641d45ff1e18397

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 915143.crdownload

Filesize
2.1MB

MD5
b415d8a5edc8f03383dc33574a2c8401

SHA1
c4d3231e3081dca4a2a2c4959e73ac054d2e07f4

SHA256
4bc7acb0c614a363ded7acde10bf6ac3ca8ec1a2dfa8eaea7a9ee0c9ba3eb9dd

SHA512
878508da2dba8172fa575f4252a530b7769bb6a866429094db30c246221e87bd0dd94307af4f85b6e41b997ddadbbfd3ce6d1a3a876d777101cc9d6d250ea8a2

Download Submit
memory/3408-328-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3408-329-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/4996-3232-0x0000000000B10000-0x0000000000B45000-memory.dmp

Filesize
212KB

Download
memory/6028-325-0x00000000007A0000-0x00000000007F8000-memory.dmp

Filesize
352KB

Download
memory/6028-326-0x0000000005690000-0x0000000005C34000-memory.dmp

Filesize
5.6MB

Download
memory/6300-3252-0x00007FFC208C0000-0x00007FFC208D0000-memory.dmp

Filesize
64KB

Download
memory/6300-3278-0x00007FFC222C0000-0x00007FFC222CB000-memory.dmp

Filesize
44KB

Download
memory/6300-3245-0x00007FFC225F0000-0x00007FFC22620000-memory.dmp

Filesize
192KB

Download
memory/6300-3242-0x00007FFC225F0000-0x00007FFC22620000-memory.dmp

Filesize
192KB

Download
memory/6300-3243-0x00007FFC225F0000-0x00007FFC22620000-memory.dmp

Filesize
192KB

Download
memory/6300-3240-0x00007FFC225A0000-0x00007FFC225B0000-memory.dmp

Filesize
64KB

Download
memory/6300-3239-0x00007FFC225A0000-0x00007FFC225B0000-memory.dmp

Filesize
64KB

Download
memory/6300-3238-0x00007FFC22490000-0x00007FFC224A0000-memory.dmp

Filesize
64KB

Download
memory/6300-3237-0x00007FFC22490000-0x00007FFC224A0000-memory.dmp

Filesize
64KB

Download
memory/6300-3244-0x00007FFC225F0000-0x00007FFC22620000-memory.dmp

Filesize
192KB

Download
memory/6300-3241-0x00007FFC225F0000-0x00007FFC22620000-memory.dmp

Filesize
192KB

Download
memory/6300-3255-0x00007FFC208C0000-0x00007FFC208D0000-memory.dmp

Filesize
64KB

Download
memory/6300-3254-0x00007FFC208C0000-0x00007FFC208D0000-memory.dmp

Filesize
64KB

Download
memory/6300-3253-0x00007FFC208C0000-0x00007FFC208D0000-memory.dmp

Filesize
64KB

Download
memory/6300-3251-0x00007FFC208C0000-0x00007FFC208D0000-memory.dmp

Filesize
64KB

Download
memory/6300-3250-0x00007FFC208A0000-0x00007FFC208B0000-memory.dmp

Filesize
64KB

Download
memory/6300-3249-0x00007FFC208A0000-0x00007FFC208B0000-memory.dmp

Filesize
64KB

Download
memory/6300-3248-0x00007FFC20810000-0x00007FFC20820000-memory.dmp

Filesize
64KB

Download
memory/6300-3247-0x00007FFC20810000-0x00007FFC20820000-memory.dmp

Filesize
64KB

Download
memory/6300-3260-0x00007FFC201D0000-0x00007FFC20200000-memory.dmp

Filesize
192KB

Download
memory/6300-3261-0x00007FFC201D0000-0x00007FFC20200000-memory.dmp

Filesize
192KB

Download
memory/6300-3264-0x00007FFC201D0000-0x00007FFC20200000-memory.dmp

Filesize
192KB

Download
memory/6300-3263-0x00007FFC201D0000-0x00007FFC20200000-memory.dmp

Filesize
192KB

Download
memory/6300-3262-0x00007FFC201D0000-0x00007FFC20200000-memory.dmp

Filesize
192KB

Download
memory/6300-3259-0x00007FFC20060000-0x00007FFC20070000-memory.dmp

Filesize
64KB

Download
memory/6300-3258-0x00007FFC20060000-0x00007FFC20070000-memory.dmp

Filesize
64KB

Download
memory/6300-3257-0x00007FFC1FF50000-0x00007FFC1FF60000-memory.dmp

Filesize
64KB

Download
memory/6300-3256-0x00007FFC1FF50000-0x00007FFC1FF60000-memory.dmp

Filesize
64KB

Download
memory/6300-3265-0x00007FFC21CB0000-0x00007FFC21CC0000-memory.dmp

Filesize
64KB

Download
memory/6300-3246-0x00007FFC22680000-0x00007FFC22685000-memory.dmp

Filesize
20KB

Download
memory/6300-3277-0x00007FFC222C0000-0x00007FFC222CB000-memory.dmp

Filesize
44KB

Download
memory/6300-3276-0x00007FFC222C0000-0x00007FFC222CB000-memory.dmp

Filesize
44KB

Download
memory/6300-3275-0x00007FFC222C0000-0x00007FFC222CB000-memory.dmp

Filesize
44KB

Download
memory/6300-3274-0x00007FFC222C0000-0x00007FFC222CB000-memory.dmp

Filesize
44KB

Download
memory/6300-3273-0x00007FFC222A0000-0x00007FFC222B0000-memory.dmp

Filesize
64KB

Download
memory/6300-3272-0x00007FFC222A0000-0x00007FFC222B0000-memory.dmp

Filesize
64KB

Download
memory/6300-3268-0x00007FFC21D60000-0x00007FFC21D6E000-memory.dmp

Filesize
56KB

Download
memory/6300-3271-0x00007FFC21D60000-0x00007FFC21D6E000-memory.dmp

Filesize
56KB

Download
memory/6300-3269-0x00007FFC21D60000-0x00007FFC21D6E000-memory.dmp

Filesize
56KB

Download
memory/6300-3270-0x00007FFC21D60000-0x00007FFC21D6E000-memory.dmp

Filesize
56KB

Download
memory/6300-3266-0x00007FFC21CB0000-0x00007FFC21CC0000-memory.dmp

Filesize
64KB

Download
memory/6300-3267-0x00007FFC21D60000-0x00007FFC21D6E000-memory.dmp

Filesize
56KB

Download
memory/6300-3282-0x00007FFC203F0000-0x00007FFC20400000-memory.dmp

Filesize
64KB

Download
memory/6300-3287-0x00007FFC20420000-0x00007FFC20446000-memory.dmp

Filesize
152KB

Download
memory/6300-3286-0x00007FFC20420000-0x00007FFC20446000-memory.dmp

Filesize
152KB

Download
memory/6300-3293-0x00007FFC1FF20000-0x00007FFC1FF47000-memory.dmp

Filesize
156KB

Download
memory/6300-3292-0x00007FFC1FF20000-0x00007FFC1FF47000-memory.dmp

Filesize
156KB

Download
memory/6300-3291-0x00007FFC1FF20000-0x00007FFC1FF47000-memory.dmp

Filesize
156KB

Download
memory/6300-3290-0x00007FFC1FF20000-0x00007FFC1FF47000-memory.dmp

Filesize
156KB

Download
memory/6300-3289-0x00007FFC1FF20000-0x00007FFC1FF47000-memory.dmp

Filesize
156KB

Download
memory/6300-3288-0x00007FFC1FF20000-0x00007FFC1FF47000-memory.dmp

Filesize
156KB

Download
memory/6300-3285-0x00007FFC20420000-0x00007FFC20446000-memory.dmp

Filesize
152KB

Download
memory/6300-3284-0x00007FFC20420000-0x00007FFC20446000-memory.dmp

Filesize
152KB

Download
memory/6300-3281-0x00007FFC203F0000-0x00007FFC20400000-memory.dmp

Filesize
64KB

Download
memory/6300-3280-0x00007FFC202F0000-0x00007FFC20300000-memory.dmp

Filesize
64KB

Download
memory/6300-3279-0x00007FFC202F0000-0x00007FFC20300000-memory.dmp

Filesize
64KB

Download
memory/6300-3283-0x00007FFC20420000-0x00007FFC20446000-memory.dmp

Filesize
152KB

Download