Overview

overview

8

Static

static

1

VirtualBox...in.exe

windows11-21h2-x64

8

Analysis

  • max time kernel
    1201s
  • max time network
    1205s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/01/2025, 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirtualBox-7.1.6-167084-Win.exe

  • Size

    117.3MB

  • MD5

    8addd310d09249bc176c9c891aae41cb

  • SHA1

    81212ad29642b2b261df42d25ccd23fe715914d1

  • SHA256

    35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6

  • SHA512

    b6126211ade8b38215ea70692af8cff5e47cb922484a3f08e377edf01a4a1d9b865772f4703d6914d779faba95eb46f16266e6f05411efba4691bc6f411d1d77

  • SSDEEP

    3145728:Zqar23mGGWtNN/fdSqyI/LUs5DuFsdOKtVeBi4g:82GGOFfAqyI/7FdUAT

Score
8/10
defense_evasiondiscoverypersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Drops file in Drivers directory 18 IoCs
  • Downloads MZ/PE file 4 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 63 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks system information in the registry 2 TTPs 22 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 36 IoCs
  • Loads dropped DLL 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of UnmapMainImage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.1.6-167084-Win.exe
    "C:\Users\Admin\AppData\Local\Temp\VirtualBox-7.1.6-167084-Win.exe"
    1⤵
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
      "C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      PID:4088
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3776
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding D7CCE5205CFDA523C2CB50645864399D C
      2⤵
      • Loads dropped DLL
      PID:3860
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:2580
      • C:\Windows\System32\MsiExec.exe
        C:\Windows\System32\MsiExec.exe -Embedding 8FF26F67A95AD63A4245AC9BA77FBF6B
        2⤵
        • Drops file in Drivers directory
        • Drops file in Windows directory
        • Loads dropped DLL
        • Checks SCSI registry key(s)
        PID:2140
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 04C76F831C00DCBBE4D170E21F6C24B5
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1888
      • C:\Windows\System32\MsiExec.exe
        C:\Windows\System32\MsiExec.exe -Embedding C06EB0F98830773F1CA8D64182EEFC85 E Global\MSI0000
        2⤵
        • Drops file in Drivers directory
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Loads dropped DLL
        • Checks SCSI registry key(s)
        PID:404
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 0E33BFCC93B0AF07143B7B44E8DEBAF4 M Global\MSI0000
        2⤵
        • System Location Discovery: System Language Discovery
        PID:4440
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:4836
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf" "9" "431e52bcb" "0000000000000144" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:5032
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "1" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6\VBoxNetAdp6.inf" "9" "473b17b7b" "0000000000000184" "WinSta0\Default" "0000000000000188" "208" "C:\Program Files\Oracle\VirtualBox\drivers\network\netadp6"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:3524
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{2f0d5d8e-81c4-df45-a71d-582276698e18}\VBoxSup.inf" "9" "4edacf3f3" "000000000000018C" "WinSta0\Default" "0000000000000144" "208" "C:\Program Files\Oracle\VirtualBox\drivers\vboxsup"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:816
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "8" "14" "C:\Windows\System32\DriverStore\FileRepository\vboxsup.inf_amd64_51feefe6fa2584ec\vboxsup.inf" "0" "4edacf3f3" "0000000000000144" "WinSta0\Default"
        2⤵
        • Drops file in Drivers directory
        • Drops file in Windows directory
        PID:4380
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{730cfc40-2ead-a146-af17-ba08124e4f15}\VBoxUSB.inf" "9" "4f05f54f7" "0000000000000194" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\device"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:1860
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{ad94ee13-94d5-004a-a189-4942651bab68}\VBoxUSBMon.inf" "9" "4e4e9030b" "0000000000000160" "WinSta0\Default" "0000000000000144" "208" "C:\Program Files\Oracle\VirtualBox\drivers\USB\filter"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:840
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "8" "14" "C:\Windows\System32\DriverStore\FileRepository\vboxusbmon.inf_amd64_92b271dae027ffef\vboxusbmon.inf" "0" "4e4e9030b" "0000000000000144" "WinSta0\Default"
        2⤵
        • Drops file in Drivers directory
        • Drops file in Windows directory
        PID:5004
    • C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
      "C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe" -Embedding
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2388
    • C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
      "C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe"
      1⤵
      • Drops file in System32 directory
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2096
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4320
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa61d33cb8,0x7ffa61d33cc8,0x7ffa61d33cd8
        2⤵
          PID:896
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
          2⤵
            PID:2172
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
            2⤵
            • Downloads MZ/PE file
            • Suspicious behavior: EnumeratesProcesses
            PID:3620
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
            2⤵
              PID:4072
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
              2⤵
                PID:4004
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                2⤵
                  PID:404
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                  2⤵
                    PID:2620
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
                    2⤵
                      PID:1636
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1028
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                      2⤵
                        PID:3364
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                        2⤵
                          PID:1012
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
                          2⤵
                            PID:4560
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4820
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                            2⤵
                              PID:756
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                              2⤵
                                PID:1576
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
                                2⤵
                                  PID:3664
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5488 /prefetch:8
                                  2⤵
                                    PID:488
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
                                    2⤵
                                      PID:836
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                                      2⤵
                                        PID:4928
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
                                        2⤵
                                          PID:2616
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                                          2⤵
                                            PID:3228
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6152 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:4984
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
                                            2⤵
                                              PID:5740
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
                                              2⤵
                                                PID:5836
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
                                                2⤵
                                                  PID:5284
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
                                                  2⤵
                                                    PID:5440
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
                                                    2⤵
                                                      PID:1564
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
                                                      2⤵
                                                        PID:772
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
                                                        2⤵
                                                          PID:4956
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
                                                          2⤵
                                                            PID:2068
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                                                            2⤵
                                                              PID:1984
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
                                                              2⤵
                                                                PID:5312
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
                                                                2⤵
                                                                  PID:4376
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1232 /prefetch:1
                                                                  2⤵
                                                                    PID:5224
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
                                                                    2⤵
                                                                      PID:5592
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7712 /prefetch:8
                                                                      2⤵
                                                                        PID:3064
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6432 /prefetch:2
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:1736
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,11236789541728808517,17491919207083918661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8180 /prefetch:8
                                                                        2⤵
                                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                        • NTFS ADS
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5232
                                                                      • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                        "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                        2⤵
                                                                        • Drops file in Program Files directory
                                                                        • Executes dropped EXE
                                                                        • Checks whether UAC is enabled
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Enumerates system info in registry
                                                                        • Modifies Internet Explorer settings
                                                                        • Modifies registry class
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5784
                                                                        • C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                          MicrosoftEdgeWebview2Setup.exe /silent /install
                                                                          3⤵
                                                                          • Drops file in Program Files directory
                                                                          • Executes dropped EXE
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:5820
                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUE358.tmp\MicrosoftEdgeUpdate.exe
                                                                            "C:\Program Files (x86)\Microsoft\Temp\EUE358.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                            4⤵
                                                                            • Event Triggered Execution: Image File Execution Options Injection
                                                                            • Checks system information in the registry
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:3132
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                              5⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Modifies registry class
                                                                              PID:4656
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                              5⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Modifies registry class
                                                                              PID:3736
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Modifies registry class
                                                                                PID:3516
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Modifies registry class
                                                                                PID:2060
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                PID:1828
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzUyODk0MEYtMjFCMi00MkI2LUJFMTktM0E3OUJGNUY2NDlCfSIgdXNlcmlkPSJ7QUZBQzU1MkItNDA1Qy00QjA3LUIyQ0UtNEMwRDBGQjFFOEIyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEQ0YzNDQxNC04OTFFLTREM0UtQjUxOC0yODgwODM0MDY3Qzl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc1Nzc3ODUyMDEiIGluc3RhbGxfdGltZV9tcz0iNjIyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                              5⤵
                                                                              • Checks system information in the registry
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • System Location Discovery: System Language Discovery
                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                              PID:4004
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{C528940F-21B2-42B6-BE19-3A79BF5F649B}" /silent
                                                                              5⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:5088
                                                                        • C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
                                                                          "C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 5784
                                                                          3⤵
                                                                          • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious use of UnmapMainImage
                                                                          PID:2184
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:1320
                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                        1⤵
                                                                          PID:3128
                                                                        • C:\Windows\system32\AUDIODG.EXE
                                                                          C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004B4
                                                                          1⤵
                                                                            PID:3604
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:1012
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                              1⤵
                                                                              • Checks system information in the registry
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Modifies data under HKEY_USERS
                                                                              PID:5780
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzUyODk0MEYtMjFCMi00MkI2LUJFMTktM0E3OUJGNUY2NDlCfSIgdXNlcmlkPSJ7QUZBQzU1MkItNDA1Qy00QjA3LUIyQ0UtNEMwRDBGQjFFOEIyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGNkUzN0FCQS0wRUNDLTQyMTMtOTZBMi04MTk4NTc3NzdDQkZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc1ODE4MzUyODEiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                2⤵
                                                                                • Checks system information in the registry
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • System Location Discovery: System Language Discovery
                                                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                                                PID:4172
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E58CA405-23E7-4CD4-B182-8C51896AB57B}\MicrosoftEdge_X64_132.0.2957.127.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E58CA405-23E7-4CD4-B182-8C51896AB57B}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                2⤵
                                                                                • Executes dropped EXE
                                                                                PID:4180
                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E58CA405-23E7-4CD4-B182-8C51896AB57B}\EDGEMITMP_C9594.tmp\setup.exe
                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E58CA405-23E7-4CD4-B182-8C51896AB57B}\EDGEMITMP_C9594.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E58CA405-23E7-4CD4-B182-8C51896AB57B}\MicrosoftEdge_X64_132.0.2957.127.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                  3⤵
                                                                                  • Drops file in Program Files directory
                                                                                  • Drops file in Windows directory
                                                                                  • Executes dropped EXE
                                                                                  PID:5456
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E58CA405-23E7-4CD4-B182-8C51896AB57B}\EDGEMITMP_C9594.tmp\setup.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E58CA405-23E7-4CD4-B182-8C51896AB57B}\EDGEMITMP_C9594.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.111 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E58CA405-23E7-4CD4-B182-8C51896AB57B}\EDGEMITMP_C9594.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.127 --initial-client-data=0x234,0x238,0x23c,0x218,0x240,0x7ff67198a818,0x7ff67198a824,0x7ff67198a830
                                                                                    4⤵
                                                                                    • Drops file in Windows directory
                                                                                    • Executes dropped EXE
                                                                                    PID:5480
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzUyODk0MEYtMjFCMi00MkI2LUJFMTktM0E3OUJGNUY2NDlCfSIgdXNlcmlkPSJ7QUZBQzU1MkItNDA1Qy00QjA3LUIyQ0UtNEMwRDBGQjFFOEIyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4MTAxRTc1NC00MUVFLTRDNTctODMwMS00OTI1RTA5M0IyQjh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzIuMC4yOTU3LjEyNyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzk5MjM3MzcwOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc5OTI0MzM3MjMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MzQ2MjkzODk2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8yYjExOGEzMS1jY2JlLTRkNWYtYmE0Mi0zNzNhYzMzMzYxYWI_UDE9MTczODQ1MTM1MSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1pb1MwNE9TRGtXR0JieE5qTWlLazFjaG1kRmZaeTJQSmVKdFlsbFhRQUZvV3lsdjNMdm1lM3VhT0ZLWCUyYkp0Vkx3Z3RjMWljWW8ya2hXQU4zaTNkaTlBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc3MDc4MzUyIiB0b3RhbD0iMTc3MDc4MzUyIiBkb3dubG9hZF90aW1lX21zPSIyODkwNiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgzNDYzODM4MTMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MzYwNTEzODE2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4OTY3ODIzNzY2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDA2NTEiIGRvd25sb2FkX3RpbWVfbXM9IjM1Mzc5IiBkb3dubG9hZGVkPSIxNzcwNzgzNTIiIHRvdGFsPSIxNzcwNzgzNTIiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYwNzMwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                2⤵
                                                                                • Checks system information in the registry
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • System Location Discovery: System Language Discovery
                                                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                                                PID:336
                                                                            • C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
                                                                              "C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
                                                                              1⤵
                                                                              • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of UnmapMainImage
                                                                              PID:4164
                                                                            • C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe
                                                                              "C:\Program Files (x86)\Roblox\Versions\version-ecc9c250281b4c14\RobloxPlayerBeta.exe"
                                                                              1⤵
                                                                              • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of UnmapMainImage
                                                                              PID:3720
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:5308
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                              1⤵
                                                                              • Checks system information in the registry
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Modifies data under HKEY_USERS
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:4616
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C7246D0F-2820-4FE5-9DA3-B7D87F3FCF8C}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C7246D0F-2820-4FE5-9DA3-B7D87F3FCF8C}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe" /update /sessionid "{1538511E-B796-45F7-BD30-C7D0963564D9}"
                                                                                2⤵
                                                                                • Drops file in Program Files directory
                                                                                • Executes dropped EXE
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:1556
                                                                                • C:\Program Files (x86)\Microsoft\Temp\EU45D4.tmp\MicrosoftEdgeUpdate.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Temp\EU45D4.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{1538511E-B796-45F7-BD30-C7D0963564D9}"
                                                                                  3⤵
                                                                                  • Event Triggered Execution: Image File Execution Options Injection
                                                                                  • Checks system information in the registry
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:1732
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                    4⤵
                                                                                    • Executes dropped EXE
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Modifies registry class
                                                                                    PID:1960
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                    4⤵
                                                                                    • Executes dropped EXE
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Modifies registry class
                                                                                    PID:5176
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                      5⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5192
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                      5⤵
                                                                                      • Executes dropped EXE
                                                                                      • Modifies registry class
                                                                                      PID:5492
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                      5⤵
                                                                                      • Executes dropped EXE
                                                                                      • Modifies registry class
                                                                                      PID:3480
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTUzODUxMUUtQjc5Ni00NUY3LUJEMzAtQzdEMDk2MzU2NEQ5fSIgdXNlcmlkPSJ7QUZBQzU1MkItNDA1Qy00QjA3LUIyQ0UtNEMwRDBGQjFFOEIyfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7OTg4NjA2NkEtRTcxMC00OUM4LTg3QzQtM0FGMjMzNThFQTFGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuNDMiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzc4NDY1MDUiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMDcxMjYwOTE1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                    4⤵
                                                                                    • Checks system information in the registry
                                                                                    • Executes dropped EXE
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                                    PID:3332
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTUzODUxMUUtQjc5Ni00NUY3LUJEMzAtQzdEMDk2MzU2NEQ5fSIgdXNlcmlkPSJ7QUZBQzU1MkItNDA1Qy00QjA3LUIyQ0UtNEMwRDBGQjFFOEIyfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGODIwNDgxRS0yNTU3LTRGODUtOUFEMS0wMjkxREE2MDcwOUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS40MyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwOTUyNTExMzUyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwOTUyNjY3MjU5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzA1NTc5MjI3NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzIwN2U4MDM1LTk5YmUtNDVkMi1iMmFhLTE4NWY2NzA5YzQwMz9QMT0xNzM4NDUxNjQ3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUM1eFhhUk1XWGg3bGRsYUxBdDhNSXFnJTJicTVMUjF6dWV4M3YxWTd1VUs3TW1KZWtaOEhBUzBIYkNMUmxScUk0V1NUSGpBNDB5T1BqQjllNGtuMyUyYiUyYkdnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjE1Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMDU1OTQ4NDY1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8yMDdlODAzNS05OWJlLTQ1ZDItYjJhYS0xODVmNjcwOWM0MDM_UDE9MTczODQ1MTY0NyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1DNXhYYVJNV1hoN2xkbGFMQXQ4TUlxZyUyYnE1TFIxenVleDN2MVk3dVVLN01tSmVrWjhIQVMwSGJDTFJsUnFJNFdTVEhqQTQweU9QakI5ZTRrbjMlMmIlMmJHZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2NTQzNDQiIHRvdGFsPSIxNjU0MzQ0IiBkb3dubG9hZF90aW1lX21zPSIyMDU5NjkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMwNTYyNjEyNDIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMwNjE0MjEzNjQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzgyMzE5OTAzNTI1Mjg2MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMyLjAuMjk1Ny4xMjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins3MEM4ODAyQy1FRUVGLTRCRTQtOUI3RC0yMjFFQjc2NzAyMEV9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                2⤵
                                                                                • Checks system information in the registry
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • System Location Discovery: System Language Discovery
                                                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                                                PID:3624
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:3908
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                              1⤵
                                                                              • Checks system information in the registry
                                                                              • Executes dropped EXE
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:2144
                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkU0MUUxQUItQjc2OS00OEMxLTgyNDEtNTQ2N0VEQjkzRTU0fSIgdXNlcmlkPSJ7QUZBQzU1MkItNDA1Qy00QjA3LUIyQ0UtNEMwRDBGQjFFOEIyfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RjRCNTRCNTMtMEY1Qy00NkU4LUEwMTktNENFRTREQjEzRkQ4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjExMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MzAzMDQyIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NzU3NjAwNTYwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTY0MjM0NDg1OTkiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                2⤵
                                                                                • Checks system information in the registry
                                                                                • Executes dropped EXE
                                                                                • System Location Discovery: System Language Discovery
                                                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                                                PID:4364

                                                                            Network

                                                                            MITRE ATT&CK Enterprise v15

                                                                            Reconnaissance

                                                                            Resource Development

                                                                            Initial Access

                                                                            Execution

                                                                            Persistence

                                                                            Event Triggered Execution

                                                                            2
                                                                            T1546

                                                                            Component Object Model Hijacking

                                                                            1
                                                                            T1546.015

                                                                            Image File Execution Options Injection

                                                                            1
                                                                            T1546.012

                                                                            Privilege Escalation

                                                                            Event Triggered Execution

                                                                            2
                                                                            T1546

                                                                            Component Object Model Hijacking

                                                                            1
                                                                            T1546.015

                                                                            Image File Execution Options Injection

                                                                            1
                                                                            T1546.012

                                                                            Defense Evasion

                                                                            Modify Registry

                                                                            1
                                                                            T1112

                                                                            Subvert Trust Controls

                                                                            1
                                                                            T1553

                                                                            SIP and Trust Provider Hijacking

                                                                            1
                                                                            T1553.003

                                                                            Credential Access

                                                                            Discovery

                                                                            Browser Information Discovery

                                                                            1
                                                                            T1217

                                                                            Peripheral Device Discovery

                                                                            2
                                                                            T1120

                                                                            Query Registry

                                                                            5
                                                                            T1012

                                                                            System Information Discovery

                                                                            6
                                                                            T1082

                                                                            System Location Discovery

                                                                            1
                                                                            T1614

                                                                            System Language Discovery

                                                                            1
                                                                            T1614.001

                                                                            System Network Configuration Discovery

                                                                            1
                                                                            T1016

                                                                            Internet Connection Discovery

                                                                            1
                                                                            T1016.001

                                                                            Lateral Movement

                                                                            Collection

                                                                            Command and Control

                                                                            Exfiltration

                                                                            Impact

                                                                            Replay Monitor

                                                                            Loading Replay Monitor...

                                                                            Downloads

                                                                            • C:\Config.Msi\e5828a2.rbs
                                                                              Filesize

                                                                              727KB

                                                                              MD5

                                                                              0a10042db6d26674e76f0c231e2177d0

                                                                              SHA1

                                                                              b2ed4e0957977b28d9b34d8f754ae3aa381841ec

                                                                              SHA256

                                                                              406c29b546503f58195f837fa5578e26c0dee89d4c0c0227398d9bfd36bde0e1

                                                                              SHA512

                                                                              883c63c3da91b1119ad7d55485f9824c470432effc17532ae57745c57ba78aad1730b26d63704a7a1bf8d0b989fed44d3a3c93e0c6c591cf11db199ba86456e0

                                                                              Download Submit

                                                                            • C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netlwf\VBoxNetLwf.cat
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              18fd2f2ce49c749c0c8d4ea321661715

                                                                              SHA1

                                                                              af7f728e0403c4ba63480bc8ddd55cb3c4ac5f1e

                                                                              SHA256

                                                                              96eb758ee44b13d5df932e176addfd42bfd1eb27aa7ddec5801fae07e9797a65

                                                                              SHA512

                                                                              14be128511b33fefda28d2d98fc522f6c85230369b14cf78046a566e8df73734a6971208226523da3eb6445c32db4a805b4819cc315655d0e8dc4b547842575e

                                                                              Download Submit

                                                                            • C:\PROGRA~1\Oracle\VIRTUA~1\drivers\network\netlwf\VBoxNetLwf.sys
                                                                              Filesize

                                                                              250KB

                                                                              MD5

                                                                              10ed4a0f400f1db09e258c99939f15c7

                                                                              SHA1

                                                                              4ed115fb4bece2aaf9b0d724330811cd2c7878b2

                                                                              SHA256

                                                                              b7d5361a58530add79cdce5544f41190196ea7b16b32c889627e8b5a61be8483

                                                                              SHA512

                                                                              a573233ca92ff878f79261bf7ebc10def90c0995c46527a2f5f3791f5e48cf54158c07af1e0d969ba4d196f182126ca2e4c9ab5a1464e6974b279a6038102a6b

                                                                              Download Submit

                                                                            • C:\PROGRA~1\Oracle\VIRTUA~1\drivers\vboxsup\VBoxSup.cat
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              7d1841943d1f332eb32e49de47d62e03

                                                                              SHA1

                                                                              a4c445ac6247f7919ce9cebf2b543800970a5d81

                                                                              SHA256

                                                                              86d86beec055d6bfcaa0d4906a919cb21789e89375d7b50270f85b6b3b5f9a33

                                                                              SHA512

                                                                              c6574b411c255f97efa343d168ee45365ffab6e195087722398cd3693336f6ac44cfc7b51f1e6ed328c7091f9c7a311672613c158e8a3b28d6862c2002a7b681

                                                                              Download Submit

                                                                            • C:\PROGRA~1\Oracle\VIRTUA~1\drivers\vboxsup\VBoxSup.sys
                                                                              Filesize

                                                                              1.0MB

                                                                              MD5

                                                                              9b7cdaa9dfa551282134f4e75074f702

                                                                              SHA1

                                                                              e05035fcfe2369000a0264ab1c7eac9c40ecbb5c

                                                                              SHA256

                                                                              decc9f7c751ded1aaddc3528dd545837a2a2994c415e983f30a6af1747ac3acf

                                                                              SHA512

                                                                              7da4fe862ce314548977672494391370045b80c6bd38f74f82e1f39a88143f93b36c1c06feeca4668a4e29ad60ff73e5f615fd61c6b514bdd902042ab7698af2

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.127\Installer\setup.exe
                                                                              Filesize

                                                                              6.6MB

                                                                              MD5

                                                                              4c7718620e1040338dc7b6c62c16eeef

                                                                              SHA1

                                                                              aee8016c2ccdc8ac24fd66c4e53556ccc7f260ad

                                                                              SHA256

                                                                              7b1b38c6df6fc88d42a3e89da478803bcf3ad49f771b86edc13e4da247097747

                                                                              SHA512

                                                                              9ffd144658f2e9015d4c0a622618a1aa07ae7f2959d63b97b0817426d43ca2c2f16d7271844db8ea27b691df53922e135cc8a94fdf1706057169e9d5887fb331

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.43\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
                                                                              Filesize

                                                                              1.6MB

                                                                              MD5

                                                                              83f7907f5d4dc316bd1f0f659bb73d52

                                                                              SHA1

                                                                              6fc1ac577f127d231b2a6bf5630e852be5192cf2

                                                                              SHA256

                                                                              dac76ce6445baeae894875c114c76f95507539cb32a581f152b6f4ed4ff43819

                                                                              SHA512

                                                                              a57059ef5d66d3c5260c725cae02012cf763268bd060fa6bc3064aedff9275d5d1628ff8138261f474136ab11724e9f951a5fdd3759f91476336903eb3b53224

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              Filesize

                                                                              201KB

                                                                              MD5

                                                                              4dc57ab56e37cd05e81f0d8aaafc5179

                                                                              SHA1

                                                                              494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                                              SHA256

                                                                              87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                                              SHA512

                                                                              320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                                              Download Submit

                                                                            • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                                              Filesize

                                                                              7.2MB

                                                                              MD5

                                                                              88eea09427500e5e467be9010c4c5afe

                                                                              SHA1

                                                                              8ff433300eb702e6413262cfa8595cb07d22b06a

                                                                              SHA256

                                                                              f5aeb7f049e4e44b414d68b06e82a22ec3fe08d58ff2991191ca4d3acd9fdbae

                                                                              SHA512

                                                                              feb5ea900dd4611932d8ca9a69b8d9449451b15ac225da41d7a7d060fa69ff7c7671f75f6aa37c00720f4bc24c7e19690fda00090f94a7431748de236b583bb2

                                                                              Download Submit

                                                                            • C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
                                                                              Filesize

                                                                              936KB

                                                                              MD5

                                                                              dea158fd47abc3d173f6d8de13971372

                                                                              SHA1

                                                                              d42cdc78678744d4b23c338fe81e327c1d4d4abf

                                                                              SHA256

                                                                              701332a337b452e64a56bd7e1a1d7c76eb8b7fb7f6f63f74413866b7e2113980

                                                                              SHA512

                                                                              11f96f77dee048cf7a487334607d517ed3cb7ea0314f4daf719e361d9c6d0bc09c827081cfb6bb6403ecc174e5e6f4201e47c6c4ff186028380e0ac8240ddefa

                                                                              Download Submit

                                                                            • C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
                                                                              Filesize

                                                                              2.7MB

                                                                              MD5

                                                                              c43f5aba07ba81826943658cffd8d6bb

                                                                              SHA1

                                                                              7239eebeae740489dd9d88b533b094fa17627375

                                                                              SHA256

                                                                              c420308c229e51053b9857321c718815ca5551b6e914b5dc44eb1a6faf45db0f

                                                                              SHA512

                                                                              e3e66f177fcbc7e51d8738d8079d6845c4038685694f9a6e004469f2b99be1bb090870db3de391a1e831b45fd84aa593c53ee33973c1f7cde0242924ac9daa6d

                                                                              Download Submit

                                                                            • C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf\VBoxNetLwf.inf
                                                                              Filesize

                                                                              4KB

                                                                              MD5

                                                                              7da30975a6c38e9a0fe9676950f70033

                                                                              SHA1

                                                                              d0134da02edaf78b60143d9d6a310ab97137b709

                                                                              SHA256

                                                                              aee3b03ca632f7985c71c56d747ed61d0a83e8250f72c4e3cecaca43d6262cdb

                                                                              SHA512

                                                                              2ab29cfa41572e3b94680a298248d8d459da50d7f136ec1885a092f8c6550a6fbc5c0e256bdf42285cd7d9234f015d2a577e90989e8eeaa8f4a2780d69c87f01

                                                                              Download Submit

                                                                            • C:\Program Files\Oracle\VirtualBox\drivers\vboxsup\VBoxSup.inf
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              59048a0500cb88084655b38de2a3097f

                                                                              SHA1

                                                                              014f0f333df2fac12045fb89ce1042f3352241c4

                                                                              SHA256

                                                                              c3c0f8172fee9aeeff7d4ac43af0b0b9357f2f119b53c70377f015168586c546

                                                                              SHA512

                                                                              cb596dc5048d09186b011ea4a314b7355c2191fff0cae929ebaa919294ed17041006ae575122d7191bfa3572c4da3f75e109d10cbc847e48121de0ef2761b9c0

                                                                              Download Submit

                                                                            • C:\Program Files\Oracle\VirtualBox\x86\VBoxProxyStub-x86.dll
                                                                              Filesize

                                                                              684KB

                                                                              MD5

                                                                              a575376c0da3e58d68ddb30cf903af50

                                                                              SHA1

                                                                              5c82c307d82d57b51f365006b7935f952b0775b1

                                                                              SHA256

                                                                              ac2e8cda8c16350c20115774413245d2ef4fe2ee76aca73b2b3c47ad4add6116

                                                                              SHA512

                                                                              b16a1920b5c51df04e2adfeefbbdc523dfb99586a6e397c43f521fc7111b28416cb4b72052d00a7d2f6ea3f04ae6935f4536ba27a456dc714296940e2b557a2c

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                              Filesize

                                                                              14KB

                                                                              MD5

                                                                              ee252435dc8e57a70e1e2a88a84ac104

                                                                              SHA1

                                                                              792f2a2397bba87dd9e343296dc5deaa2a4e2519

                                                                              SHA256

                                                                              a24d40e79951701fdb80c8d965580250eef2ba2e8ddc96552142fbe46262855c

                                                                              SHA512

                                                                              5b2fecd3e365bacb0441c0a81293807724df46632401f0adadfe5d425c28ef90524340d72f5455bebe492aa5ba46c4bb312c328a8d14038d85e5e68808d9b484

                                                                              Download Submit

                                                                            • C:\Users\Admin\.VirtualBox\VirtualBox.xml
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              d9d28bd2ef7192fb0efb99607d7a0807

                                                                              SHA1

                                                                              7fb6f32f1c0f227118613dd7779e1bf0a6e2ce4a

                                                                              SHA256

                                                                              dad710b076d96b3de34a58363a3241935bfe205b7240ce57f9d85bf2058e6dd5

                                                                              SHA512

                                                                              e058987d5fd8ea6cd3c3081c7ac45ce1e3719c4a38b46390133b19539fad35a0d8ad699023a3d934d18e3356cb6def62bd197b5a32ad496b620469c55d9efb13

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                              Filesize

                                                                              471B

                                                                              MD5

                                                                              1c18512223586ab3282bb6bba1db24f7

                                                                              SHA1

                                                                              89663a9efaa5a683756fa086fd084453e9a4c2c5

                                                                              SHA256

                                                                              f84878e493377e9f1cbbef53127e424fa0c605a1afad41b47203df1fbb4f28e4

                                                                              SHA512

                                                                              42502f8d01cf5c4241d7fbafac64e23980ad9f9723b8a93599a8f9da04d37599d3a3161100ef3888f66ce2ec70e4a80a849b245eca09e37d6fe60c86f0443384

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD
                                                                              Filesize

                                                                              727B

                                                                              MD5

                                                                              ed705b01cb7d6ca77c0e66a276b96ced

                                                                              SHA1

                                                                              894ed9a81a745c72b8127b79df223e63e7cfaae7

                                                                              SHA256

                                                                              25c654c674208a807c9dcb66bf01eb343e3d5db6e11e464c02997e51595a6e11

                                                                              SHA512

                                                                              c01d152c2a6b5b544f07d698f6c09c2a0f3266eee207b7d7622e0d0df5d40cc086fe6706ea70d0df0423746bdc5079d3b31ff1c83d398c6d220269e80fe6af1a

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                              Filesize

                                                                              727B

                                                                              MD5

                                                                              fef03a1167fb05058012df4a9ec3b9f0

                                                                              SHA1

                                                                              5746243a81ec24754316c63a86404f0c26beb826

                                                                              SHA256

                                                                              1fb7e0556c8f89a32d34c0d6b6ab506648d018b1a51c26376687c970d65dc5b7

                                                                              SHA512

                                                                              7806aefbcc9a6d3befc6736a630fad1622a53cca76dccc178c3c311d22206440f7e1522c115b0dec330da00f090b40786a5686b8287c095f5366662d57ac737e

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                              Filesize

                                                                              400B

                                                                              MD5

                                                                              16dc5ab6585a118bdb6ab0cf3712967d

                                                                              SHA1

                                                                              b0e9fb09d52c2b76a49ff7df2708f653b1c1bb88

                                                                              SHA256

                                                                              32c380580a72dd248db36ed712d27458d41e2bb68f9e2c79ca654ff32d8b7636

                                                                              SHA512

                                                                              6241bd73ba1ad8622f7ce6ed50aebb53d70b6379e7fa531fbc0b5f3be9a5ba1b558ad4969bdd3dc811a7d6d378b8b5e3a4a5f83e06baf614f8c0198ccde97fb6

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD
                                                                              Filesize

                                                                              412B

                                                                              MD5

                                                                              d420d3a1b4837158681b287d561f820c

                                                                              SHA1

                                                                              95b7fe184e779b2bd37747639d6a4e9751310842

                                                                              SHA256

                                                                              61706c886274ab748ff3aa3a060ecfa9da6311996566917a89995b95ab8363d7

                                                                              SHA512

                                                                              a157d3fee2ba1544eeafe83d10464c64311acf2fa51ccb611aeef38b00564c357f982e5e6486b612cd2a806b32cedc5c9796778df0ddabcf05db737e0329fd84

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                              Filesize

                                                                              412B

                                                                              MD5

                                                                              c67ac0db64bacb6a002117af63c095c4

                                                                              SHA1

                                                                              07fc48e5c6337437cc97b1edf8f371cea6caecb2

                                                                              SHA256

                                                                              9b8754c45b7c3212670c0543626bfc0d20b7137fb31a8209a560e21a8254b3dc

                                                                              SHA512

                                                                              7af85f1aea390675d2aa1c1fe499a3a834d771f18ace6be637d48421a0fba195b53a33b1e74ca9317300b568889bbdc2a0cd81cb6dd375266a9ee5fb79e8daa7

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                              Filesize

                                                                              152B

                                                                              MD5

                                                                              9314124f4f0ad9f845a0d7906fd8dfd8

                                                                              SHA1

                                                                              0d4f67fb1a11453551514f230941bdd7ef95693c

                                                                              SHA256

                                                                              cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

                                                                              SHA512

                                                                              87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                              Filesize

                                                                              152B

                                                                              MD5

                                                                              e1544690d41d950f9c1358068301cfb5

                                                                              SHA1

                                                                              ae3ff81363fcbe33c419e49cabef61fb6837bffa

                                                                              SHA256

                                                                              53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

                                                                              SHA512

                                                                              1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                              Filesize

                                                                              62KB

                                                                              MD5

                                                                              c813a1b87f1651d642cdcad5fca7a7d8

                                                                              SHA1

                                                                              0e6628997674a7dfbeb321b59a6e829d0c2f4478

                                                                              SHA256

                                                                              df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

                                                                              SHA512

                                                                              af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                              Filesize

                                                                              70KB

                                                                              MD5

                                                                              3b06aa689e8bf1aed00d923a55cfdd49

                                                                              SHA1

                                                                              ca186701396ba24d747438e6de95397ed5014361

                                                                              SHA256

                                                                              cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

                                                                              SHA512

                                                                              0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                              Filesize

                                                                              63KB

                                                                              MD5

                                                                              226541550a51911c375216f718493f65

                                                                              SHA1

                                                                              f6e608468401f9384cabdef45ca19e2afacc84bd

                                                                              SHA256

                                                                              caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

                                                                              SHA512

                                                                              2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                              Filesize

                                                                              19KB

                                                                              MD5

                                                                              2e86a72f4e82614cd4842950d2e0a716

                                                                              SHA1

                                                                              d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                              SHA256

                                                                              c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                              SHA512

                                                                              7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              e12d73256a424dad65626ea631f40b98

                                                                              SHA1

                                                                              d482a971589bd4fe995596d639e6a532aee62354

                                                                              SHA256

                                                                              635cd7d3f42630ef7404b32072d7834de1695398a3240750da3d5a7a02869a22

                                                                              SHA512

                                                                              527660f202a2954f6c3ef917fe742918224f03f9111442df9134b2c6c255d9de86776246cc14a5197de5928b1f1ec45ead22bdd214f7ae1a8045d24eb403a10a

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              822ccab84bf22b66f60841040034f9f1

                                                                              SHA1

                                                                              e8ad22e4b6b18be88b2f781d428b3c92dbd12cb6

                                                                              SHA256

                                                                              66a5674155da2a2a16ea5b78cad300cc55443605b56166a411c2b86c155b5ebd

                                                                              SHA512

                                                                              6bf6f254c4f09eaaeab1310d131a8de29f6f2a60198c3038c7014ef93e2e3f7b383dcb4e882f70915709cf703d8d0e5046c26ae683e70b58bc282d9181181511

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                              Filesize

                                                                              4KB

                                                                              MD5

                                                                              7fc5165e5bb5c84b60309a6693371f3f

                                                                              SHA1

                                                                              49fb0bfebe9bb3620328ddd2db82d484b58f13f7

                                                                              SHA256

                                                                              1bcf6cd47c366cb7a501c3aa78910ac287c7409d763860dd9ddb852ca7cbf8b0

                                                                              SHA512

                                                                              ba9c1a243c41cca4079111aceb85745beafc366db7752676d4aba41927701570c502a5bd2289462fe498909d68fe775637f7947f049fe58f4d15ce6135616388

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
                                                                              Filesize

                                                                              16B

                                                                              MD5

                                                                              46295cac801e5d4857d09837238a6394

                                                                              SHA1

                                                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                              SHA256

                                                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                              SHA512

                                                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              3399227c82b9c3af1179d08e308ab03b

                                                                              SHA1

                                                                              6b5941dac8298209843e46a1d14fbee0a1568fbf

                                                                              SHA256

                                                                              f346ef33010d05c1880a9d829ff0ae09f5622816bc5ea87e3084bceb03f4c34b

                                                                              SHA512

                                                                              6b7acad4b0b65a08c26072542ab7767d4de0dadc3f89415259eb6f874b6a567648cac62a56b526a52e016cfa7788edc35241bd6a452f426005cceeeac580a3ab

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              fc56e13fdf412a2e7c8a50f15951641a

                                                                              SHA1

                                                                              88852b8283a6a49999dab0e29f94744274147886

                                                                              SHA256

                                                                              db0e0b7ddafb0830657f608cd1f67092fa3218c8494fbb27bfef6d7ac8e59e65

                                                                              SHA512

                                                                              a3c01ffb16bf3c48317ef3008d17235924b2802643b9086090816a92e3d10ca423cb1a759bdc87d6288790e529f74f547847d475ca4dc68f8d771a84ee0e3769

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              b12d9d5020221c997565743e215786c5

                                                                              SHA1

                                                                              013bb4cd6b05e2c79b94214ff55202ac2b636751

                                                                              SHA256

                                                                              faa0cc133068b8241a4d5c4f2507b6d10dfb20dd9f08c71e876a195bd8a168d4

                                                                              SHA512

                                                                              fc2d5a54c01ad865059d178142e64b5de9120afd3b5cffa5d13fea9e2b8655c9a23d2ad26c3fbf611c9a9e80b51857198543b378cace045c15e6f17a564495e5

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              d90e04421f9433e5e041e3d9ed7962d0

                                                                              SHA1

                                                                              6b450bf3019d13763e07a590e1a0ca472215ed3c

                                                                              SHA256

                                                                              cda92d33123dffe902f38a63b2397f1e05773c8521bb30572b159216e56e1b8b

                                                                              SHA512

                                                                              195da8d908fb2c83d975d6b35239b158763917fefe646fe9b7afd21d98fe5a82ea30de0512328ad066e1ace7b10d2146e7fcec0d002f805996a226cea7546f45

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              7KB

                                                                              MD5

                                                                              730dd23e9c2e4c993d2f5a97ccd03eed

                                                                              SHA1

                                                                              188ff5e81b2010e530f2967d5d8e435b0ca4b563

                                                                              SHA256

                                                                              5f7154054e75159257fedd5879182a775eec685d415257dc9be2b1274f3d4f4e

                                                                              SHA512

                                                                              486d6416bb009903b4d0077b4663a64098eca753ae9c8a2dbb9ac2ef8e7347b3a7dcc9d2ae194cce53e36f4520eeddceea087a25e1876f6e2075203b18480c38

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              cd3c09f2651f7a009428d90687fac98d

                                                                              SHA1

                                                                              60a2d31aaffcdde673b6754416bd7be5cf93bd86

                                                                              SHA256

                                                                              96513e4b4634b82795056e46229590c0a6fdf4ca9380a6012fd8de253cd78829

                                                                              SHA512

                                                                              35b9cca4f0bca308375b6ad9b91d4f12fb88435b448ee3ac7059eb37d71cee917434be99a198ea5fd29fe69f2000998bc9e17dc4dda6379aeebd695e83ccba25

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              cfb5c93a52fa2149ec9c35bea0252b14

                                                                              SHA1

                                                                              d00cd44deaf4b91600fd5ad0c16886b67877e251

                                                                              SHA256

                                                                              a1a4cf84ea79dd30d4ba53cca339a61a5da50df9794a522a6936254e8cfe9559

                                                                              SHA512

                                                                              61200babbeecf98bbfc8bd996c2345fb888757843b8cac9e3db7782e40190719bbef871ac498fc3f61a1588b134b65fd8e2c34559013b6cd8ed92be61ed1015e

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              7KB

                                                                              MD5

                                                                              96edecee814bc2ef69c972cf23dccc49

                                                                              SHA1

                                                                              797e4d40071fbc3c580ff8376c087b0a9e9ef7ab

                                                                              SHA256

                                                                              c290e8f4a772836331c3342553be25170cdd5a5b7832fd9939c1eca2ad89de40

                                                                              SHA512

                                                                              b1cb220bf0f8497c2e94bb1315ca123828b3f1ba27c73e2fb74f449794e4df054c2a94eb04e1c4c4bcd0c5b55127e390c1fee60be4a5d18b9ac60137cf4ca8a2

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              3c8dfc4965eaa0a570499c824afc769c

                                                                              SHA1

                                                                              2dfc8bbd1c92ff8cd153857d066fb42f8eaccd30

                                                                              SHA256

                                                                              e51db0cd0433c7fabfc3c59674cde6bb19fac646ffa7c899cb9dd03dd4cc0cb3

                                                                              SHA512

                                                                              8556c3ac1291a0567062673744ae52c36c45ce91a6f8ba45a059aa97d1c3c60ee2212327e9315641274a73e510f4af7e817e85e5ab170705eae36b9114c898eb

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              72018680fdfe0e8969ca7288737d76b4

                                                                              SHA1

                                                                              b8eee999db3f8b527203692946805f4aca021494

                                                                              SHA256

                                                                              3ff8bca388053de4a50c56b16d33485b96123d4c586458ed3bc178a38e6141ce

                                                                              SHA512

                                                                              7126be58ff5bdecd9d6f27c338903398816cd5281fef43894380054a12fc4cc16005412f53b272f740adec8ca4f5803475c18501799ebe65bba3a8e8c9b9f8fa

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              c98a2bf8a067443fdeda026cbfe284c5

                                                                              SHA1

                                                                              2e0a6c03c82da8f631eb0ed450c3bfe7ae6aae50

                                                                              SHA256

                                                                              2506b51655a25dad06c4f71da2cff85b0e9836fc59a658082c63e2bd0ec1b80a

                                                                              SHA512

                                                                              37607a476b01f09f60bf9048d3c5b8b3f67f7b07e89d0f944a69e421de14fbea72ceb71eac7aa78ce9b4168b39149610983a16d93a6723a9bf786ed1b3e636e1

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              5783d71246002c9a795625cc5e8a94da

                                                                              SHA1

                                                                              6bd5ec5c8c8a62356d917528ddc6eef49326567f

                                                                              SHA256

                                                                              f23d6cf8a1f0d764594766ef27eeac679cc6c93f2462956fb8e44af52461cb6c

                                                                              SHA512

                                                                              ddb824b6e30637f45e73da0b069eb8c6f1877c90e09c2f24e0d950fa7b8d45cfc69a5eefd125d14a7d501479c9f79d3cc23e5f1b6c09959ce196a6acac821f27

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              3a3f3bf010c77f5f2d18fa86852c0d9b

                                                                              SHA1

                                                                              fbf382e202af7a8c294c4259b0fa219cc3d3336d

                                                                              SHA256

                                                                              afd01c8434e79a6bc44caffede5ddb6a4f723ee94764a42251ec81e70e53e7df

                                                                              SHA512

                                                                              5b8e87a069815ccaaffac4e0b48e771b9529993e23833f8797499655f7e827536dae6404fb5a4ea26a5793b40d34bd5fefb6be3e3f1c87e9617be89c9807b022

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              28451bb4b2d098f2af419cd887892780

                                                                              SHA1

                                                                              0fdf4fbbc4a681c3e4534a163ddb81d331a94b14

                                                                              SHA256

                                                                              ccfbfaf96ec95fe9300d4650b47fed548fb7ed102f577a759372ef8ae8d341b4

                                                                              SHA512

                                                                              54aaa4b4d5cea625a2bc3f017ef90f5e6e7df497949b7d5299c8f1601922150bf95f52eacefc9e7f6a9c945d14a470c7e8b71ba7b4ce48fba3adc0f5bc52c517

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              d7b39c06eceeca89e2749ccfb61db740

                                                                              SHA1

                                                                              554d8f5fce116dd7c3d005f49249a5e289f0d28b

                                                                              SHA256

                                                                              4d14c6b5bdbc9bed4f81173d8bbfcbd4ff73f3364521cfdb6ce0afdf7d7e19ee

                                                                              SHA512

                                                                              6e85b86ca7a3945eb18cf7171b7b65cb3b01964e36de909446fdfcd948ef203e25969e3017d411ca65bf8019a0895cdfcd8214792509c8bd141e2f85e2203dec

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              a12576b7d6d3ea0eb6accda79fc2b52c

                                                                              SHA1

                                                                              1c4592a39459d58baec7ea8b6503f4fe5640f3a6

                                                                              SHA256

                                                                              8dbbb39590caa26992a5f2a2e6286c936690ef2a52893c454832022dcf8941e3

                                                                              SHA512

                                                                              840277959e7d209b13a2d35116dba71cb9d3a05542876139b0ab4c71cd0bba8cfe8de0c7855d0eea67c7e5da4e4ca0039df6d2527355fe410088e2d3e177cc7a

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              310824e60450979b43aa811ec85625fc

                                                                              SHA1

                                                                              41b3c041f8c4091b21a40e1813ccec97fe9af07b

                                                                              SHA256

                                                                              e1f6bcce4a6d61aa27150d9d8f407df04d2c621e9c70f4912e27a9d9acb6b31a

                                                                              SHA512

                                                                              f1e8fcc9d13560152a26788192869f172b2df059b00fad912dbb81a37de1ba27bc7ffec7bb223a7ae45686fb4c13c6541ad6c57f9ca9f05f8f02cfb97b976f3b

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              eb92305536dfa83907abaadd7ed9d6c3

                                                                              SHA1

                                                                              7f6584adbe0c997065e0331b989f37938ea7581a

                                                                              SHA256

                                                                              f794c816bdd4094e90583fbd71d090972b4c7f204bccb5e854168d32f2fdb155

                                                                              SHA512

                                                                              189b645888e28170cd9e27f6bd4766897a13512cceebcc89c1067d5632f211c6a8ec0f37d712a1f0895ffa9850fb48f1a1edf81e606c9aded13981baee33b308

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              d4a36932f7258eab1d0b609ed8ad3bea

                                                                              SHA1

                                                                              451f22918466cd84ab90baccac9814c6f3a2783b

                                                                              SHA256

                                                                              9945effe53ecf8258051dc3631fbf581bfca97d936c4ff7306aefbff066019cf

                                                                              SHA512

                                                                              89605bfe8cb801826a7fffd9ee84ac0ff49bb89bcedf7d9489aa7da8dad6ba0f02f0a27875060a69dbf1ee0bbf96df42adb9ecd225f09eab08f831b3998586af

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              5a26eca28a47f44a6e488465a8f4afe6

                                                                              SHA1

                                                                              96de03bf5d3c55454a1446c636285d0b5e51c410

                                                                              SHA256

                                                                              9c9c2cf95ae9b36147249134f78213a18a49e432c87a6bac6861d3afca2eb478

                                                                              SHA512

                                                                              12daae3f8d861b4f88920dd94c9a701b2ff9235e2f9baa1e2ec7a44cfebce7fcf1b48b7a379db5ad2ae1229b837738e33abdff463c25e9e445f790f3d27d0016

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59525c.TMP
                                                                              Filesize

                                                                              538B

                                                                              MD5

                                                                              9dc890120a7be0fe7207293eed725d7f

                                                                              SHA1

                                                                              25cb37684344e2c6c33f0b71c6081731edd35363

                                                                              SHA256

                                                                              b162dcbeb1675b0d3719ee133f31de2c9e76f8404e5de8808a8820ddb3d4228d

                                                                              SHA512

                                                                              6a7dab0f5c15825e413e1312fbf2054ff706c7ef6d4040f305b1b65d909d9a04d71cdb81417491c76d608e0694588d19191d7035c3202c97f59288e5fd76af95

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\be9f3ce2-28cb-4ec7-9e21-35d347ac160f.tmp
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              1df68ebb0d054e83fc44c6a3749a8ce2

                                                                              SHA1

                                                                              5bca51df3fe93f7324fa1070d62e6da7d3ef4739

                                                                              SHA256

                                                                              5a32892cbaf767fa10ffa8bca861b37bfd8c81669c67153b9027d3736dba9e65

                                                                              SHA512

                                                                              e59edca46b03ce36e98f229eafc334b43b35464337817d378077a639e7ec0d71df81bb7935e2520e211a80deea46e22f76f948475bd52bb4e209f2a8bc0e28c9

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                              Filesize

                                                                              16B

                                                                              MD5

                                                                              6752a1d65b201c13b62ea44016eb221f

                                                                              SHA1

                                                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                              SHA256

                                                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                              SHA512

                                                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ee5fe371-23ec-4943-9dfc-c50a401c2438.tmp
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              c31abbd2b954703ffcc1d366455acdbc

                                                                              SHA1

                                                                              a306d877f40bebf305c4d1fbcdcea5a356f86da8

                                                                              SHA256

                                                                              504a96eca7c4ce282ddc7239085cd5cda04444d68e7db003e652c600b6d29854

                                                                              SHA512

                                                                              e78daec6212d5215ba4528eba16e08bfbd42d89815a69235ef22102b8d66b9b9d3d17ab884990bf8c1bcd84eeeeb3325549053453a2bb1333c195a4cd4b11381

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              552345490279aa7afe5992e12c45495b

                                                                              SHA1

                                                                              7e2492088300dba8135f3b9b7dd30e5f965f8140

                                                                              SHA256

                                                                              dcc9931b9b07461c3e5ddd5e0ae08adcd364a97d582c09ff40b4be96087e14df

                                                                              SHA512

                                                                              87db80c871e17bfcd966fbf410b1bac05d78dfde4c5b8b6e45570e862a1bcbe0a55c2cfd18a727015a21ecf45b4aa805e2b28b1eee7aa552a850903ac42a2329

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              10KB

                                                                              MD5

                                                                              e84f7b353882eba7cdf6b8a93821eb01

                                                                              SHA1

                                                                              8ee4ea52071f84727ad897f3e108fd2b6eb850a2

                                                                              SHA256

                                                                              544c230ffa6a0e9799365a17604c1ae931b43377c295a96b200c77d7733e14f9

                                                                              SHA512

                                                                              bf7e991d9c5fac6c1783452db5756422cf11885f46115489d160cbbf6a2817a813f5804f21755fc3744e2cddfe1904f5521c7547380b72b1902e86306f3ae682

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              d84347eadb58674ea55a58045ceb395e

                                                                              SHA1

                                                                              96c712fd4284f30f176622d306aa095cc60ada4d

                                                                              SHA256

                                                                              5b9e3d43cc8304188dff977f2c9a92df0a81f58572c8af652e023d36b637a0f6

                                                                              SHA512

                                                                              ee2164f960805c3c564eae75178fdbb4ca96072ae6d0f5d0ff0493692358e0d5138608f7f8f85d99ed43cdf38a8cd19958304606980418f6280b7e310bb1c559

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\342d1af7296519a909dbf9d57f966893
                                                                              Filesize

                                                                              7.5MB

                                                                              MD5

                                                                              342d1af7296519a909dbf9d57f966893

                                                                              SHA1

                                                                              ef1191f64533bbdca107d88619008fdce9b65fca

                                                                              SHA256

                                                                              6c4f27f31a9ad78636a2588d28a1d7ac32f66e99c39d28ff04c420bf6a0424df

                                                                              SHA512

                                                                              d4bec44d9fc51b03af005acba5ea79cb6f8b09b58d07390fe9cbbd6c5c89a0f29fd01631a223cbf58c27e6a849019ba0b2ef4d67828c407035c7b85b1c20d707

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\MSIB12F.tmp
                                                                              Filesize

                                                                              476KB

                                                                              MD5

                                                                              39f6c48493b5225bae95cdb52c8bf69d

                                                                              SHA1

                                                                              f54e11158d71068dc61f2c3c2a9db471ecdfcadd

                                                                              SHA256

                                                                              55dcfb4404fd2a7ce72dabc23d856f7529f7ed4359e1af19eca2619c2bf840cd

                                                                              SHA512

                                                                              0c5a07e45ba250e253e5ec3fb87c191e9de46027ee1f8ff5fae4be0a4c0e8a7aac48f64d6fb12dfbdd1b77ee93b5c6740e36a5a90e6ff817dd5f18e3fe3bdd6b

                                                                              Download Submit

                                                                            • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                              Filesize

                                                                              7.3MB

                                                                              MD5

                                                                              027183c8f1be3ad3b30d3c8cf7332988

                                                                              SHA1

                                                                              a7de0320e768d2f737c30e77be4ca5043c3dbe55

                                                                              SHA256

                                                                              5f02e34dc5d7a478675fef3b4bfa9ed321bf6b6f8d6804aef7b243e360fba2fd

                                                                              SHA512

                                                                              66aefb4f2295d66da768ada2849e498145ef0f8d1e2e4c4bb7daa1745b6937742451c2f1eaf3dad35833096179e4b9d123487d744106a709f34c6a7bc8f589ac

                                                                              Download Submit

                                                                            • C:\Windows\INF\oem0.PNF
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              6ae31aea52111f10f4a65884020440fc

                                                                              SHA1

                                                                              a7c9c2eacd728dc7efeeaa6d810a6959cba457db

                                                                              SHA256

                                                                              2dafb2d7142f160a0c7a8a9f4ba0a0e6393324717563438c6e3e6d3ec8784529

                                                                              SHA512

                                                                              da1c300c64ca23237be64bac9428f088f13d0d23e366dd22303b0b866309419d3a3ee4cc2e82f4b3f80add2769063d3b3b43bec8c881f39a94bea382bc5546dd

                                                                              Download Submit

                                                                            • C:\Windows\INF\oem1.PNF
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              1e2413677b6d997da149f0a9436ad181

                                                                              SHA1

                                                                              87b664055a71ed303748734b64d6ed1d889b94fd

                                                                              SHA256

                                                                              6d21be1bfd31686a9145526b3516a314a9bcd1b75618298243fd77c66a421040

                                                                              SHA512

                                                                              eaf185cce4b48e0971988a2a0f7bf434d6df62aa71e9e398807201e096f740cfb06862346ffcd15886ed34d7da228c99862e87a1ec0d6883acf0d7655001f852

                                                                              Download Submit

                                                                            • C:\Windows\INF\oem2.PNF
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              2a6e02dc12a269df139d3bcf2d378a89

                                                                              SHA1

                                                                              44284fe80b3b1e560886306dc8348b3c15b68469

                                                                              SHA256

                                                                              361a76a62a659dbec2e4ac5ec72063e34840f874a38a5f914f5b15b3e0446587

                                                                              SHA512

                                                                              47d0d1baf6808e6317ed9a90d07575c1bce36cc04942fcf71716dc20aeada6e1c69d8ae0d87ea0be6184e15e3c61fc878a854c12d5d9de83bc99b19d55bae79b

                                                                              Download Submit

                                                                            • C:\Windows\INF\oem3.PNF
                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              1b10afc76366594331df2c705c5ee6b4

                                                                              SHA1

                                                                              25c23ba783f1031e44d4cc684d00e7a3ab9303fc

                                                                              SHA256

                                                                              76beade0c96f1bbfa76a588c6fdeb6fd4ee20bb4434c391eb303e8a69bfac6f9

                                                                              SHA512

                                                                              b90d1c6f65f602a44b42d9a9ff6907bcc7fe55fac95e4b803aa21f62dbd2cdb79131a2e563168b9e20b0382a891c557fbb466c306ab3d2aea6253c2525d96211

                                                                              Download Submit

                                                                            • C:\Windows\Installer\MSI2BF1.tmp
                                                                              Filesize

                                                                              330KB

                                                                              MD5

                                                                              ac831c25bc16a05ee60aea5d79517434

                                                                              SHA1

                                                                              4946133e7fac34315a0ccaa30ca8ad383d5f0140

                                                                              SHA256

                                                                              947f8fd98efb1986df32a9c179eccf720376721798cc15d4cf9e31cdb8324869

                                                                              SHA512

                                                                              72f625386a7af35b58bdb70f35b8a29cd06c091f04e4cc2f9c7ec1c1ec194e4fb120b5528b55ed589c9daa890c1bdf8762dce1e17dd69a77ec7a002d2685ba5b

                                                                              Download Submit

                                                                            • C:\Windows\System32\CatRoot2\dberr.txt
                                                                              Filesize

                                                                              107KB

                                                                              MD5

                                                                              ecf76924bd9e69c17ef391b9516ca272

                                                                              SHA1

                                                                              d2f0e7a0e6b2e6a7f1f459b6d4cad06b0531555e

                                                                              SHA256

                                                                              8b5482cf7146a849dd06b42f039a1aaae006d64ae08d97ed053ac8460b1a12f3

                                                                              SHA512

                                                                              562b409d20b4d8006d14b35e6f270a9484933cd6e572452582b3f11d5054b9a6f6f5bf749af59c5663dd15cf3a69419e96c0bb01224450e75255afeb06bffafd

                                                                              Download Submit

                                                                            • C:\Windows\System32\DriverStore\Temp\{037f4029-4a87-0a4f-9d08-1354725fe18f}\SET55AD.tmp
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              27eefd6a4c376a709a16793b3cf420da

                                                                              SHA1

                                                                              a3465d24e915ef51ad758df74de6787bd16d5ea3

                                                                              SHA256

                                                                              6323642efc5be5973787e2ecaf8ec6e5e09d72a3ecdc2799f9b6c06841862d8c

                                                                              SHA512

                                                                              52a296b56c8fdc9c214d139b47e2ec2ebb7339ee88ca65daa236e088b4dbf3cae392b6e0dc6ea93a23f1877654d335650e03054b39de3692b9b60c46abdfbaff

                                                                              Download Submit

                                                                            • C:\Windows\System32\DriverStore\Temp\{037f4029-4a87-0a4f-9d08-1354725fe18f}\SET55AE.tmp
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              b54fa51b12cfc7a9a54fe666b64b8ade

                                                                              SHA1

                                                                              e17673b6636138209d98953d1f6d56b701bc0ba5

                                                                              SHA256

                                                                              5b9f68c1a69270234873701f8ad50e60487ad5b3103f7bb1953d0363ffaf61f6

                                                                              SHA512

                                                                              f2347994eff841006fbad5dd603875444c13702392dc52f4fb05ee297faf3cf2c617bffa9245f99b28e50171825517af59b2b87014213abf3a80060e6714a40c

                                                                              Download Submit

                                                                            • C:\Windows\System32\DriverStore\Temp\{037f4029-4a87-0a4f-9d08-1354725fe18f}\SET55BE.tmp
                                                                              Filesize

                                                                              176KB

                                                                              MD5

                                                                              337251c0585346f48901de919f1758c1

                                                                              SHA1

                                                                              6acf0a827435716d2a464f21c57e51fbf68466f1

                                                                              SHA256

                                                                              5c750a8d786aad679c0e13934f07bd5cdbf5e5b7fb68a6d62a58967bcf2562e2

                                                                              SHA512

                                                                              ac565a4b8ef61b48c0ea7ac8f304a045fce6a925e5cacc3a03646ab41dbf910d58ae65e6c3df3b5d75df4d4efa7f1cc1bf03e48bc7bba5815a9e2690fd1ce2af

                                                                              Download Submit

                                                                            • C:\Windows\System32\DriverStore\Temp\{4ad55eba-f55d-864c-9238-8a498b077924}\VBoxNetAdp6.cat
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              0a751919ada4675a3347d8f45a174b77

                                                                              SHA1

                                                                              5ab33ad59706d0456a6396bbecbf5cab9e13138d

                                                                              SHA256

                                                                              f42b04be8a339a383dd01b640f0fa274e31c18a1c531287d5d9182b0dc56870b

                                                                              SHA512

                                                                              aa3bb2b0a258e716ff975ae56e4dd0b14ca1bc1a0c8f56598d448ac2b78fe2b91d9ed4c109e04956860919f624c845d348a03f8ee223f6b8a776e3e33a69a2d2

                                                                              Download Submit

                                                                            • C:\Windows\System32\DriverStore\Temp\{4ad55eba-f55d-864c-9238-8a498b077924}\VBoxNetAdp6.inf
                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              7bd5968035e290fc975a3655d2a30c08

                                                                              SHA1

                                                                              f07a370d4734c9b332b35d26b4d16d7ae1ec17b6

                                                                              SHA256

                                                                              c1af8774a2b6c246a31b8c3f5185fff67a856c4f96d55c21b4d0587b34e4611b

                                                                              SHA512

                                                                              2da219b9fc716499b2d8fa62084c5039d61660bf4ea26e48599eb4d10d95b4ba408e8415a092307b5731cc1de9201bb000848f68d7e79f6b03da453e223253ac

                                                                              Download Submit

                                                                            • C:\Windows\System32\DriverStore\Temp\{4ad55eba-f55d-864c-9238-8a498b077924}\VBoxNetAdp6.sys
                                                                              Filesize

                                                                              240KB

                                                                              MD5

                                                                              bb13c7ae29af3d73e2e2326bd37ef752

                                                                              SHA1

                                                                              d2b5617fe2f2de0831d2ad0f6301e5cb88851261

                                                                              SHA256

                                                                              755120e64cec6673bf8ad2ed0cfb031dd71a31ab8fc063c1b26cc3a8b9198857

                                                                              SHA512

                                                                              6aa2a7c483dd205a6d0f667a5249f7eb23b45ee760de009400c208e73c21feda8d94ca428e4922303727e735a0f6026ddfd02bc419f2f280e68f2b55a93acf82

                                                                              Download Submit

                                                                            • C:\Windows\System32\DriverStore\Temp\{b51be704-c544-4d47-935d-e3064d1142ae}\SET5658.tmp
                                                                              Filesize

                                                                              11KB

                                                                              MD5

                                                                              a707e21804161083d77a12b91d3059f9

                                                                              SHA1

                                                                              2bb2e03cf8b024133bb501b769ec128d24f49194

                                                                              SHA256

                                                                              2969d9aa44c08db04529ec043d9a8c9e47b68ece7aa51ab6cb78f1c514c9e843

                                                                              SHA512

                                                                              9233a827cadec4ec8b44b0b5ed3526f2f45391f07a15256d9f68f943378079311893257532fe6e1bdfeacc2014d8f110f33f1db199aad9bf4573ac0794587da3

                                                                              Download Submit

                                                                            • C:\Windows\System32\DriverStore\Temp\{b51be704-c544-4d47-935d-e3064d1142ae}\SET5659.tmp
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              7ad88778968e6768a71bf7dd65444c3c

                                                                              SHA1

                                                                              ec753a59e7c6482e8bb1e72e9c5b5424092c26d8

                                                                              SHA256

                                                                              db8c675f4a9837eadf86654d586f2afd2d44e31be12f5c5cec2754d424ebb6e0

                                                                              SHA512

                                                                              2339e015305d601077ea17e3bd9d2d2649d64de350436d99d5f1d2a3bda84bf7610fac278094c87b628e4f3c51fb516fdb8f09a274bd532734543cb0eea284b6

                                                                              Download Submit

                                                                            • C:\Windows\System32\DriverStore\Temp\{b51be704-c544-4d47-935d-e3064d1142ae}\SET565A.tmp
                                                                              Filesize

                                                                              190KB

                                                                              MD5

                                                                              44a46b8f144a04e18d341b9ac239ff20

                                                                              SHA1

                                                                              9e911d62c66b8fedff0cf5a9a9684b2f87221f7d

                                                                              SHA256

                                                                              ebcaba012c908d5584579ba927d4e7dfb3be28d91d7c369a2473b393915e933d

                                                                              SHA512

                                                                              144d7c3b3f4c63f8f04f786ddc7d553b83808afef47a9628b5f67493950a42d020469c75d536c1214186daae34fdd437eb2a9f7a2214b0e434b6d8decd57c3dc

                                                                              Download Submit

                                                                            • C:\Windows\System32\catroot2\dberr.txt
                                                                              Filesize

                                                                              107KB

                                                                              MD5

                                                                              c9726c43b6f99ff694929a7f8d221ae0

                                                                              SHA1

                                                                              d9e04b68443009ed732ddce253026f6380c93162

                                                                              SHA256

                                                                              10ae76749e704354eceb4dbd03a4cd74269f7c255d8ded5c9128d031f0282e4a

                                                                              SHA512

                                                                              2f8a5f289971b5b5b0c27ae138408b3ac0f5be18088153e62a1410c027627277a997c99616e732617f121277e566f53f1ac29ab77583772473c2d2565c3ee44c

                                                                              Download Submit

                                                                            • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                                                              Filesize

                                                                              280B

                                                                              MD5

                                                                              e7c9ea195adbdecb0d0b03e58e00daa8

                                                                              SHA1

                                                                              54154f2ec3eaef0088d367298fcc1452b6b68214

                                                                              SHA256

                                                                              5df6f6d6d7afa13dead31ef96397d150363c2cbc8df316033f9902fcdc42a9df

                                                                              SHA512

                                                                              490dfbd945e5795cd80885f1b5c4ebd331e027c7b51c34f1c01021a56d670cfa146e2d7955f3e4d0acd1ae1e6cf22ed11e6fa1e30104fc62dbcedc39f0a25e26

                                                                              Download Submit

                                                                            • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
                                                                              Filesize

                                                                              24.6MB

                                                                              MD5

                                                                              9091666b3ca9f44020ad4a2f1bfbf63e

                                                                              SHA1

                                                                              27a224d0170fc5d769b70e18c594396722bdbbe5

                                                                              SHA256

                                                                              3031bc3a105dd300d3a9a63836f339b5c8a9f67eb3d6bc08009a4f3ee5df2800

                                                                              SHA512

                                                                              5c3d1afff989021b4803507934777fbeeb70ba75f58259008b58df520f69968d20657f3a2a9b57b6a84017e4925a9cd48d1f0a32dbec45515033cb64be8304e3

                                                                              Download Submit

                                                                            • \??\Volume{78425248-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{3d31826a-1f36-444f-9672-9e897c85399b}_OnDiskSnapshotProp
                                                                              Filesize

                                                                              6KB

                                                                              MD5

                                                                              7e9a35c032659a1f7e0b0a0b57c2fef0

                                                                              SHA1

                                                                              b776c079a8b5bca7cc99e248140ffaf75c20cab4

                                                                              SHA256

                                                                              3d9e0abde5c9713c16195855ed07ad9b8e8576c5a090125d49dd78119815bbd4

                                                                              SHA512

                                                                              aeeadf68bf55b7fe8c74a195dd4c8e584b1d7cf5a9a3d3a4166956235c6c8c235662bb115bae81bc35481f584527eb3692f8c95b7ec94eeda171f97550ea9da2

                                                                              Download Submit

                                                                            • memory/2184-2066-0x00007FFA82030000-0x00007FFA82040000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2058-0x00007FFA81BB0000-0x00007FFA81BC0000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2037-0x00007FFA83F20000-0x00007FFA83F30000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2038-0x00007FFA84040000-0x00007FFA84050000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2036-0x00007FFA83F20000-0x00007FFA83F30000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2041-0x00007FFA84090000-0x00007FFA840C0000-memory.dmp

                                                                              Filesize

                                                                              192KB

                                                                              Download

                                                                            • memory/2184-2045-0x00007FFA84120000-0x00007FFA84129000-memory.dmp

                                                                              Filesize

                                                                              36KB

                                                                              Download

                                                                            • memory/2184-2044-0x00007FFA84090000-0x00007FFA840C0000-memory.dmp

                                                                              Filesize

                                                                              192KB

                                                                              Download

                                                                            • memory/2184-2043-0x00007FFA84090000-0x00007FFA840C0000-memory.dmp

                                                                              Filesize

                                                                              192KB

                                                                              Download

                                                                            • memory/2184-2055-0x00007FFA81F60000-0x00007FFA81F6C000-memory.dmp

                                                                              Filesize

                                                                              48KB

                                                                              Download

                                                                            • memory/2184-2061-0x00007FFA81D60000-0x00007FFA81D70000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2069-0x00007FFA820A0000-0x00007FFA820B0000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2068-0x00007FFA820A0000-0x00007FFA820B0000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2067-0x00007FFA82030000-0x00007FFA82040000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2039-0x00007FFA84040000-0x00007FFA84050000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2065-0x00007FFA81D80000-0x00007FFA81D90000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2064-0x00007FFA81D80000-0x00007FFA81D90000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2063-0x00007FFA81D80000-0x00007FFA81D90000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2062-0x00007FFA81D60000-0x00007FFA81D70000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2060-0x00007FFA81D60000-0x00007FFA81D70000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2059-0x00007FFA81BB0000-0x00007FFA81BC0000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2040-0x00007FFA84090000-0x00007FFA840C0000-memory.dmp

                                                                              Filesize

                                                                              192KB

                                                                              Download

                                                                            • memory/2184-2057-0x00007FFA81A40000-0x00007FFA81A50000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2056-0x00007FFA81A40000-0x00007FFA81A50000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2054-0x00007FFA81E70000-0x00007FFA81E90000-memory.dmp

                                                                              Filesize

                                                                              128KB

                                                                              Download

                                                                            • memory/2184-2053-0x00007FFA81E70000-0x00007FFA81E90000-memory.dmp

                                                                              Filesize

                                                                              128KB

                                                                              Download

                                                                            • memory/2184-2052-0x00007FFA81E70000-0x00007FFA81E90000-memory.dmp

                                                                              Filesize

                                                                              128KB

                                                                              Download

                                                                            • memory/2184-2051-0x00007FFA81E70000-0x00007FFA81E90000-memory.dmp

                                                                              Filesize

                                                                              128KB

                                                                              Download

                                                                            • memory/2184-2050-0x00007FFA81E70000-0x00007FFA81E90000-memory.dmp

                                                                              Filesize

                                                                              128KB

                                                                              Download

                                                                            • memory/2184-2049-0x00007FFA81E50000-0x00007FFA81E60000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2048-0x00007FFA81E50000-0x00007FFA81E60000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2047-0x00007FFA81DC0000-0x00007FFA81DD0000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2046-0x00007FFA81DC0000-0x00007FFA81DD0000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2184-2042-0x00007FFA84090000-0x00007FFA840C0000-memory.dmp

                                                                              Filesize

                                                                              192KB

                                                                              Download

                                                                            • memory/3132-1971-0x00000000730F0000-0x0000000073300000-memory.dmp

                                                                              Filesize

                                                                              2.1MB

                                                                              Download

                                                                            • memory/3132-2031-0x0000000000330000-0x0000000000365000-memory.dmp

                                                                              Filesize

                                                                              212KB

                                                                              Download

                                                                            • memory/3132-1954-0x00000000730F0000-0x0000000073300000-memory.dmp

                                                                              Filesize

                                                                              2.1MB

                                                                              Download

                                                                            • memory/3132-1953-0x0000000000330000-0x0000000000365000-memory.dmp

                                                                              Filesize

                                                                              212KB

                                                                              Download

                                                                            • memory/4088-672-0x00007FFA5FBC0000-0x00007FFA6170A000-memory.dmp

                                                                              Filesize

                                                                              27.3MB

                                                                              Download

                                                                            • memory/4088-673-0x00007FF64D9B0000-0x00007FF64DC6A000-memory.dmp

                                                                              Filesize

                                                                              2.7MB

                                                                              Download

                                                                            • memory/4088-674-0x00007FFA5E8E0000-0x00007FFA5EEA1000-memory.dmp

                                                                              Filesize

                                                                              5.8MB

                                                                              Download