Analysis
-
max time kernel
631s -
max time network
622s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
22-06-2024 15:03
General
-
Target
https://rebrand.ly/Rift-Latest
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 6 IoCs
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 37 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks system information in the registry 2 TTPs 18 IoCs
System information is often read in order to detect sandboxing environments.
-
Detected potential entity reuse from brand microsoft.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 4 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: LoadsDriver 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rebrand.ly/Rift-Latest1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4c1a46f8,0x7ffc4c1a4708,0x7ffc4c1a47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5520 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5172 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5220 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1312 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5752 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6292 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6176 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,5140982580441367863,10631833896635587409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe"C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- NTFS ADS
-
C:\Program Files (x86)\Microsoft\Temp\EUBDF8.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUBDF8.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"3⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTMxMkU2ODAtNTAxNS00RTRCLTkyMTktNTc4RUFENDVFQ0I3fSIgdXNlcmlkPSJ7QkMzMTQ3OEYtNkQ0NS00NUNDLUIzQ0QtRkNDRkE1NzcxNTgxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezNBN0VFNURELUQ2RDAtNEVGMS04RUMzLTRENDg1NzU4RTA5Mn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtENmp4UGVVbUtmaDh5dHk2RjA3WXhNMWVaREgvVFY2RlFUMmZmRGlaeXd3PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg3LjQxIiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny40MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODE0ODgyNjYzMiIgaW5zdGFsbF90aW1lX21zPSI1NjciLz48L2FwcD48L3JlcXVlc3Q-4⤵
- Executes dropped EXE
- Checks system information in the registry
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{A312E680-5015-4E4B-9219-578EAD45ECB7}"4⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe"C:\Users\Admin\Downloads\MicrosoftEdgeWebview2Setup.exe"2⤵
- Executes dropped EXE
- NTFS ADS
-
C:\Program Files (x86)\Microsoft\Temp\EUC04A.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUC04A.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck4⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUQyQ0M0OTYtQzI0My00MEM3LTgwNjctNTNGQ0EzNzI3Rjk4fSIgdXNlcmlkPSJ7QkMzMTQ3OEYtNkQ0NS00NUNDLUIzQ0QtRkNDRkE1NzcxNTgxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezFDRDk3QzIzLTI1NEMtNEZBNy1CQzdFLUMzNkFFQjM2QUEyRX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtENmp4UGVVbUtmaDh5dHk2RjA3WXhNMWVaREgvVFY2RlFUMmZmRGlaeXd3PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg3LjQxIiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny40MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODE1MDA2NjU3NyIgaW5zdGFsbF90aW1lX21zPSI1NCIvPjwvYXBwPjwvcmVxdWVzdD44⤵
- Executes dropped EXE
- Checks system information in the registry
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource taggedmi /sessionid "{ED2CC496-C243-40C7-8067-53FCA3727F98}"4⤵
- Executes dropped EXE
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x328 0x49c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18795:86:7zEvent162491⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Rift-2.2.1.0\" -ad -an -ai#7zMap16747:86:7zEvent44601⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\dotnet-sdk-3.1.417-win-x64.exe"C:\Users\Admin\Downloads\dotnet-sdk-3.1.417-win-x64.exe"1⤵
- Executes dropped EXE
-
C:\Windows\Temp\{FE3CC186-00E9-4CF1-84B6-487E7481ACA1}\.cr\dotnet-sdk-3.1.417-win-x64.exe"C:\Windows\Temp\{FE3CC186-00E9-4CF1-84B6-487E7481ACA1}\.cr\dotnet-sdk-3.1.417-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\dotnet-sdk-3.1.417-win-x64.exe" -burn.filehandle.attached=580 -burn.filehandle.self=7162⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\.be\dotnet-sdk-3.1.417-win-x64.exe"C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\.be\dotnet-sdk-3.1.417-win-x64.exe" -q -burn.elevated BurnPipe.{B1826D80-AAC5-4C7F-932F-AC1E70354E28} {D0FB2F8D-CA4A-43D9-A52B-9DCF06B9BCD2} 51963⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E1F29DF12C9E8DFE048C3C864F505CEF2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding DA377653D0D2508509F1F47A8C08CFA32⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 73B36A3027B53AC63F8C3D2A0BE0C2842⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 9F6422ED44B9E861C15E6FD849A0EFA52⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 8BA31543BB4C484F7BC80D492357166E2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E6AE89E16380BDA3CB3C7026CCF3820C2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding CB4A079EA8366F06232AEDE0D713E7252⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A2133ACCABA42BCA8F17389193D626F02⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 656EDCA363459F67C1579C9D439764382⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 6FC8F1B00370BAD96CB0030CCA7E24FA2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 22FA5AFB2A6B8586A2010C5A851FA8DE2⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2A2005DDDFF7B778176E10ABEC0227B6 E Global\MSI00002⤵
- Loads dropped DLL
-
C:\Program Files\dotnet\dotnet.exe"C:\Program Files\dotnet\\dotnet.exe" exec "C:\Program Files\dotnet\\sdk\3.1.417\dotnet.dll" internal-reportinstallsuccess "C:\Users\Admin\Downloads\dotnet-sdk-3.1.417-win-x64.exe"3⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\getmac.exe"getmac.exe"4⤵
-
C:\Windows\SysWOW64\getmac.exe"getmac.exe"4⤵
-
C:\Windows\SysWOW64\getmac.exe"getmac.exe"4⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 95727C3A583C8309F3C4B0ABFE816D1B2⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 4834BE1416EBC23982A0E8FEA2C2BA712⤵
-
C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a723731-d64d-4119-8214-9781c986c21b/MicrosoftEdgeWebView2RuntimeInstallerX64.exe2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc4c1a46f8,0x7ffc4c1a4708,0x7ffc4c1a47183⤵
-
C:\Windows\System32\GameBarPresenceWriter.exe"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
-
C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\GameBarPresenceWriter.exe"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap15113:174:7zEvent177381⤵
-
C:\Users\Admin\Downloads\Microsoft.WebView2.FixedVersionRuntime.126.0.2592.68.x86\msedgewebview2.exe"C:\Users\Admin\Downloads\Microsoft.WebView2.FixedVersionRuntime.126.0.2592.68.x86\msedgewebview2.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Microsoft.WebView2.FixedVersionRuntime.126.0.2592.68.x86\" -spe -an -ai#7zMap3103:174:7zEvent13311⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\Downloads\Microsoft.WebView2.FixedVersionRuntime.126.0.2592.68.x86\msedgewebview2.exe"C:\Users\Admin\Downloads\Microsoft.WebView2.FixedVersionRuntime.126.0.2592.68.x86\msedgewebview2.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Microsoft.WebView2.FixedVersionRuntime.126.0.2592.68.x86\msedgewebview2.exe"C:\Users\Admin\Downloads\Microsoft.WebView2.FixedVersionRuntime.126.0.2592.68.x86\msedgewebview2.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Checks system information in the registry
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUQyQ0M0OTYtQzI0My00MEM3LTgwNjctNTNGQ0EzNzI3Rjk4fSIgdXNlcmlkPSJ7QkMzMTQ3OEYtNkQ0NS00NUNDLUIzQ0QtRkNDRkE1NzcxNTgxfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RDUyOUZGNjYtMzdCNS00NTdBLTlGMEQtNERFMEI0Q0JEMTU3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2hWZkRqTWRGRzZGZ0tzME56NmVtcllDU2c2VFF2RFBvbW9sUmF5UVhCSzQ9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzE4MTMyMTY3IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNjI2MDQ2NjE0NzAyMTQzIiBmaXJzdF9mcmVfc2Vlbl90aW1lPSIxMzM2MzU0MjIzMDM5NDY0NzIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMzExMTg5IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTU2ODgxNjM4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Checks system information in the registry
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTMxMkU2ODAtNTAxNS00RTRCLTkyMTktNTc4RUFENDVFQ0I3fSIgdXNlcmlkPSJ7QkMzMTQ3OEYtNkQ0NS00NUNDLUIzQ0QtRkNDRkE1NzcxNTgxfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RkZBRjJGRDEtMTkzNC00OTQwLUE1N0QtOUIxNDAwRkQzMjQ4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2hWZkRqTWRGRzZGZ0tzME56NmVtcllDU2c2VFF2RFBvbW9sUmF5UVhCSzQ9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzE4MTMyMTY3IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNjI2MDQ2NjE0NzAyMTQzIiBmaXJzdF9mcmVfc2Vlbl90aW1lPSIxMzM2MzU0MjIzMDM5NDY0NzIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMzExMTg5IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTU2ODgxNjM4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Checks system information in the registry
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EFB2BD8C-15F1-47D4-9621-E4B75F1679A1}\MicrosoftEdge_X64_126.0.2592.68.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EFB2BD8C-15F1-47D4-9621-E4B75F1679A1}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EFB2BD8C-15F1-47D4-9621-E4B75F1679A1}\EDGEMITMP_15270.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EFB2BD8C-15F1-47D4-9621-E4B75F1679A1}\EDGEMITMP_15270.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EFB2BD8C-15F1-47D4-9621-E4B75F1679A1}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EFB2BD8C-15F1-47D4-9621-E4B75F1679A1}\EDGEMITMP_15270.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EFB2BD8C-15F1-47D4-9621-E4B75F1679A1}\EDGEMITMP_15270.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EFB2BD8C-15F1-47D4-9621-E4B75F1679A1}\EDGEMITMP_15270.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6570eaa40,0x7ff6570eaa4c,0x7ff6570eaa584⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D8F95208-0FF6-4D93-8303-1718B9EB4CC5}\MicrosoftEdge_X64_126.0.2592.68.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D8F95208-0FF6-4D93-8303-1718B9EB4CC5}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D8F95208-0FF6-4D93-8303-1718B9EB4CC5}\EDGEMITMP_A2370.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D8F95208-0FF6-4D93-8303-1718B9EB4CC5}\EDGEMITMP_A2370.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D8F95208-0FF6-4D93-8303-1718B9EB4CC5}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D8F95208-0FF6-4D93-8303-1718B9EB4CC5}\EDGEMITMP_A2370.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D8F95208-0FF6-4D93-8303-1718B9EB4CC5}\EDGEMITMP_A2370.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D8F95208-0FF6-4D93-8303-1718B9EB4CC5}\EDGEMITMP_A2370.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x22c,0x230,0x234,0x21c,0x238,0x7ff72a86aa40,0x7ff72a86aa4c,0x7ff72a86aa584⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTMxMkU2ODAtNTAxNS00RTRCLTkyMTktNTc4RUFENDVFQ0I3fSIgdXNlcmlkPSJ7QkMzMTQ3OEYtNkQ0NS00NUNDLUIzQ0QtRkNDRkE1NzcxNTgxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezc3NkUwQUVDLTFEMjgtNDgxQS05RjlBLTFDOTIzQ0JFOTFBOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjYuMC4yNTkyLjY4IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTY5MTI0MDU4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODE2OTE3NTIzMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg0OTYzNTg0MDMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2FjNmY2MTFiLWVlYjctNGE0Mi1hNmQ0LThjZDcxNDI5NmExMT9QMT0xNzE5NjczNzg3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUtJJTJmQlk1QmZtMlJENkhDMnpyZ0FNaExBdlBXS1MlMmZDcEVldzJ1eFJOYXJFelhxU3VOOFYya1daOWcwczdCR2ZRT2FGOU0xRkolMmJZVEMlMmZEdElGRDFMNlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI5NTcyNDAiIHRvdGFsPSIxNzI5NTcyNDAiIGRvd25sb2FkX3RpbWVfbXM9IjI0NzM4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODQ5NjQxODU1MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1MjE1MzgzNDAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg5NDQ5MzkwNzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI4NjIiIGRvd25sb2FkX3RpbWVfbXM9IjMyNzEyIiBkb3dubG9hZGVkPSIxNzI5NTcyNDAiIHRvdGFsPSIxNzI5NTcyNDAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQyMzM4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Checks system information in the registry
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xODcuNDEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUQyQ0M0OTYtQzI0My00MEM3LTgwNjctNTNGQ0EzNzI3Rjk4fSIgdXNlcmlkPSJ7QkMzMTQ3OEYtNkQ0NS00NUNDLUIzQ0QtRkNDRkE1NzcxNTgxfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0NFNzFBRkUyLTFCRjYtNEE0Ni05RDk4LUI4NTg0NDUzQzY4QX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtoVmZEak1kRkc2RmdLczBOejZlbXJZQ1NnNlRRdkRQb21vbFJheVFYQks0PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjYuMC4yNTkyLjY4IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTcwMjY2MjUzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODE3MDI2NjI1MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1MjE1NjgxNjQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2FjNmY2MTFiLWVlYjctNGE0Mi1hNmQ0LThjZDcxNDI5NmExMT9QMT0xNzE5NjczNzg3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUtJJTJmQlk1QmZtMlJENkhDMnpyZ0FNaExBdlBXS1MlMmZDcEVldzJ1eFJOYXJFelhxU3VOOFYya1daOWcwczdCR2ZRT2FGOU0xRkolMmJZVEMlMmZEdElGRDFMNlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI5NTcyNDAiIHRvdGFsPSIxNzI5NTcyNDAiIGRvd25sb2FkX3RpbWVfbXM9IjI3OTIyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODUyMTY5ODI1NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg5NDQ5NDg5NzYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyOTA0MDQwMjEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI4MTAiIGRvd25sb2FkX3RpbWVfbXM9IjM1MTQzIiBkb3dubG9hZGVkPSIxNzI5NTcyNDAiIHRvdGFsPSIxNzI5NTcyNDAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjM0NTQzIi8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Checks system information in the registry
-
C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"C:\Users\Admin\Downloads\Rift-2.2.1.0\Rift.exe"1⤵
- Executes dropped EXE
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa1⤵
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" EditUser S-1-5-21-3169499791-3545231813-3156325206-10011⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3802055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Event Triggered Execution
2Image File Execution Options Injection
1Component Object Model Hijacking
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Config.Msi\e58ecb0.rbsFilesize
55KB
MD5d0d73ae28e9efcde8ca675989916f366
SHA12c97516758818ed14fdaa0afa5725d0e4d020739
SHA25619e625d34f5f8d874664edf6e4ab9b4587eb07a23e5ef8e030e4f5062acb9c1c
SHA51261869f146b146e3eca10f923d180df2919a321bef9eb99b7cedff9c578c7633246e97085e536adc44f51885f38768d3146bb9b41a99d41f78d14c1b79f2985d5
-
C:\Config.Msi\e58ecb5.rbsFilesize
9KB
MD5237490bdb55da917b5a6c9b88ba2a2cc
SHA10ec284d1dc5360559d7f754abcc5861972c9bc0d
SHA256e7f24db72f3ace8bf6e10687f0ca9b191256af929160b8bb69a913d1bfbbc710
SHA512657d4c859d98ba8356a64b849fff54821dc934a62d496519f9d4feb05afa72ea088436005039fd3242ccb221a36b736186994d33f6086b916b3cf93663b6020e
-
C:\Config.Msi\e58ecba.rbsFilesize
10KB
MD5577c3f999caf7ef8435b782978f7b940
SHA1dd47a769d56884ff67bcbfbf7210909fe825d296
SHA256d7944c0d55444b119dc22b936c1cf2d874848c306f0d2deab22c93c3a8f92502
SHA512fe439569411b3b614f17a0321bdc1154b05460ea647a05b25e8e15a9362f5c450f05064348a0dd521baadeeccc5eebeee973aa8f12bcc0415cb2682ad35dcf9f
-
C:\Config.Msi\e58ecc0.rbsFilesize
66KB
MD5f68c6e28e1d9eb9f366932a774246e7c
SHA177c1f06db91db83d863647b27525260c1ec02dc0
SHA2565fab0d13abecc0421fc126628f09cccaa423e26d49172dd2f388dc37cecfc34b
SHA512171f203b543d0fe9be046914a3676248ca5a66e1d5658de65796c02947e63ea06d64019ae491179d1434b6511cf45d752c95787a5b04b0b2660ce95cf27cb3b1
-
C:\Config.Msi\e58ecc5.rbsFilesize
10KB
MD5278a7517bbe5cb4bf02514cd18ea2d86
SHA1ec05bc2214aea35288f4e177fca2213efd7d999c
SHA256db57296843b5e4bb2c5b753e131fa24b0664c98e86dcb35479516159e970dfcf
SHA5129b0337c5986c4bc85e1a7593ffdea1c25999923d2cc788374f0ac36f555c94520fb2a85c23f3615ddcff52f364b1349b62254d035aeae96ae55165da8c4b9b6a
-
C:\Config.Msi\e58ecca.rbsFilesize
10KB
MD53e89b3ed354885cd39493ca511cc8943
SHA1fe7164afe9319aeb8103251b67ee0e331fa542e4
SHA2565570c9e67a752b19e13a9c93ce0202ba9ab909694d38721e5544b2655dcff822
SHA512f8493de7f76044b13c8a82866f32ae4bd27ae5cf65a45b3cc9ab0fdd946c7e4aeab46f0efe6f377e56832327bba89dedd221af625bb5ccec93b955f72d4b765a
-
C:\Config.Msi\e58eccf.rbsFilesize
10KB
MD5175ad2bbf5f32683b2cb9cca599e3c4e
SHA102c77973087511d2750a44f1478c2ff1d459f439
SHA2567d94fc697f40aeddd7a28368ae219e6decf760efbf5d2483a6a0082d5c4a66ff
SHA512a4c3c4e411616743241788a0f824c13358ad7903d91341eee13c49a2b76dcd7f8e99f4c29ed005d826a985eebe12bf93692d67ae7f09898d68eef1a4b3b8c17e
-
C:\Config.Msi\e58ecd4.rbsFilesize
10KB
MD5f4a0bd7b72caf26c9fd0281eafab7734
SHA1dbb28b956719ca47aff9518a4e3cb6587b2c634f
SHA256f60014e88e11f6a5175760ae3a74ff37241002ff97e535ad451520449de74c61
SHA5123ab8d66d9ec8a878b5e89bec8f9b1c5d193f3dde43589bffb18df09667e8f539e8b60cf123500424fed74f6e9aea631b4c28760c1158fd6fa75288853ade58bc
-
C:\Config.Msi\e58ecd9.rbsFilesize
35KB
MD5c7c0fdf854da1351eeafa4a92ab5d90e
SHA192b30b6ef8148408a183f446b1c870ab26a09745
SHA256c9e9d16013b75b1c43868ad38b196f85f32fd35200a7c7a4acc237495e56fb4a
SHA51252532fb3120f8f7964ec70bab577a69c795add1c03db76a9500c42225d929903203146c37265ed93283f9cd218cb2617c3cd704f64041dda6ca6f99a1b7d247f
-
C:\Config.Msi\e58ecde.rbsFilesize
82KB
MD5e78fd6c06666f337488c62d2e65b2f87
SHA120a2c8014deb77732d841bea20a84f1137212ca7
SHA256c62dc43adea182029adf372bd20d5f0e6e4339884c4810fcf023cd386ca5c9cc
SHA512e49323236ca729935db4728bda4fa4ebb42c3b2f08ecf4ed1905783bce8578bfa6b82df6e41437067a0e73b2106b5f5cdfeae2dc13e2cfe3ec6d13c3076e3b6e
-
C:\Config.Msi\e58ece3.rbsFilesize
30KB
MD5e067bd3f949613f6b8852f0878124e0b
SHA1583aa3a94ddd48ab16ab54c237e077dd0f11b101
SHA256045ba5050464744b8838c874542ca48d7e51d36edc540d8b864819a596c319a3
SHA512dc7526a0f16944bdf24017f192def3798370ac15f7e97b96804c6678643f95a8e92aa7299573c97ddf7da494f9fa207e7ff7a52078b0e7c791f5fc4d576b7a4f
-
C:\Config.Msi\e58ece8.rbsFilesize
71KB
MD5cd5e84f28af2ec2f03e51fe8295fb275
SHA1baf01ce77e05c47127274ba53b582ed8d5cc63c8
SHA256388b36a3ebd4fa61e1d0fc6875200ef8923c0187bc06928ddb51e4cb5f0f5815
SHA5122e3b14f2ee881e1ba4604e6c82b9bd177b9e0fa85cc253ea1b7f2b57bbb702858d6102c2afdda350131a334a8cab3b83f8afe3d70d71d0199e21cea275846a65
-
C:\Config.Msi\e58eced.rbsFilesize
10KB
MD5a38849f65dc00a0491f8b2f493446171
SHA14a73e31643025d12fc6b92ac897c3bcb22cbfb27
SHA256824b51209569e9f2564673a7f2503ba7f7010694caca7d20b20de7c87a642d17
SHA5125ec68d6f4951c6a0c8853d160858d03d1af59e532cee632c28af369107a64d602f5d5c832f39edc45229a8092c7bf29b377c9a0a208cdc4c00e614bdb66236df
-
C:\Config.Msi\e58ecf2.rbsFilesize
382KB
MD5b4df02cc8e9e75b3253bce738b369567
SHA104892dc5715dee5c41e2a52381124e1838fc0660
SHA256d89d014f18c1ad0c02f3755027d6bafa65c4759e56c0d43daf60212b001ad078
SHA51236c265fefdc3125a01286b5ca9c88f9b3eea6baf400a6fed2c90e652133a45cc70cf93c1eb8ef2af36c604bc8d5c337be59cb171440f367073aa3b3159c363d8
-
C:\Config.Msi\e58ecf7.rbsFilesize
38KB
MD5ec8793f7d5c1a4f8f7207cc37c287bfb
SHA104c071d2434b1affc96052fa8168ffaadf7c029b
SHA256ca64fa31b992658b97c4c389e3fceca2f8ba8b62ae17e0fd57aa4fba9b40bd49
SHA51259523fe78f3986375ea9b8dd025719ae4bd993b3429be4d2338e355a06e7deb4b69dc594469ba8580f0326d4e4ddc5f2e21f4ea23ed09342dfa868635a1b6978
-
C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\Installer\setup.exeFilesize
6.5MB
MD505e320ae544022adea3f8c441646765d
SHA13c6266b8a8c0132a97b2785bcb9ae7546ac02cc9
SHA256e1618f31f476932871871ebc6e63d57aad643b74ea892d3d305e4125df1e6f10
SHA512c1cf5c001ddd6b3b3c68b697f8ec9f1cbd48b5881f9fc805d74eb14a13eedcdf71e958ca1b790353a4edc64008558295741cfb785e0a3824a8f3a62bc985d387
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D8F95208-0FF6-4D93-8303-1718B9EB4CC5}\EDGEMITMP_A2370.tmp\SETUP.EX_Filesize
2.6MB
MD52885270a83008fa7c8aed1932eda65b3
SHA1640892a2a112432afb50082f65f7b640bf1b76b9
SHA256542406852cfc0b13924336093ada2e15d905147508c4d4af94b837a0bac615a5
SHA512afd12f59ab41efb9ac576a5b8e8ef1d6c391574dcca5acb46005c8d2ba81b3e7fd94374a5dde629976cdd2f58007fb53f99447a949f0f2bc35f0c8634dfd9ae0
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeFilesize
201KB
MD5e3f7c1c2e2013558284331586ba2bbb2
SHA16ebf0601e1c667f8d0b681b0321a73e8f4e91fa3
SHA256d19616ac12d3d536c8fbf034513a4977c88ef2d1676d358a2358fa051c8a42ba
SHA5127d4fd7ad06b05d79211144cbaa0047bdb4910212565b79f292a6bea652735dacf69435b24c73bc679cbdad4207f6352726eb297a1e7af4f7eef14dbc8a2ca42d
-
C:\Program Files\MsEdgeCrashpad\settings.datFilesize
280B
MD5518dca930d227f5d4f5788b689a27bd5
SHA1b2a2321780d1fc41336007d48eace52d0298a1be
SHA2566bad15c73a7856aca6e3d16e88af433c8c3ffc31a3180b2f5903c39500524d9b
SHA512a400d24fd3d16da38ff30f5de2fb5402d11d21fb446c343fd20b0dab76f45200a41f5d94859d27485bf44e0030c4498fe5556b9e3df2e9c53023c1223ce9e822
-
C:\Program Files\dotnet\ThirdPartyNotices.txtFilesize
31KB
MD53782925318a682b12aecc11fe37cb4d1
SHA197adc7d7e8f0fde6fea76e1420c008a8b1b87c7c
SHA2562e3b2cb5cb57ff44310801dd46e51dab1d35d9cfe196a9709ee8cb9c6f8e4d4a
SHA512cc99f07fd1971fe732de4bfff4a83be6e10464708e8b37c8b5c2cf840d6ef36e4b29d6f80bcc6ad498859cc92d5ba2265b6e7f408ffdab08cacaea69fcab3929
-
C:\Program Files\dotnet\sdk\3.1.417\MSBuild.runtimeconfig.jsonFilesize
155B
MD556760d60ec78f1c116391ee4a1c7e45c
SHA11604011dd1d97e29c4a10325e90d4de63dfdaf8f
SHA25674b192ca1ce54a9c42314959187bab0f575978d8e991730b404a47ead30c314e
SHA5120c0f4078e19f27ae213cb5c5810eac4189681635cffe87e48d711a75d034ed4d5691ea1cc5759167e2b2960da057cb6b476d7b2d716ea8ea41f6b2baab771651
-
C:\Program Files\dotnet\sdk\3.1.417\Sdks\Microsoft.NET.Sdk.Publish\packageIcon.pngFilesize
6KB
MD509e1aea3b3b37c1d1df0cac1526db117
SHA162e90259673547dcd6f96724457102bce993a21d
SHA2563356b59b6d9c24db3a22398c0fb3430724052fe75ae5e8430ee8ede2fb713356
SHA51212d5aa8bea27ad6a1118bee3b1185dbb952197dfa4465e141d3b51090364db7d7ab7c2add6463a0adc318410faf1c3783c69b35e08cba0285571c59c0c7aab25
-
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.logFilesize
197KB
MD5464c447ad232e3d3ce447446d954faaf
SHA12db16b4d0a80d62fe4eb7098bd961451839f45d2
SHA256e4703bed0c4c3f85d987d70db62cc28698c91b61128e6e883c01b1321257f3c7
SHA512711ca48f84c17812f81a128f87914ab1d4fe200a901bae0fb8265e503d0ec0e82ecd7212e942f8b1db337c35b57861dcbc67371ef1983db03cadcee40901aa17
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c5abc082d9d9307e797b7e89a2f755f4
SHA154c442690a8727f1d3453b6452198d3ec4ec13df
SHA256a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5b4a74bc775caf3de7fc9cde3c30ce482
SHA1c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA51255578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023Filesize
17KB
MD5950eca48e414acbe2c3b5d046dcb8521
SHA11731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA51227e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD5b58553ff6bce4c4ba776f478e02e9dea
SHA12cba867989c77ecf3cff66869fa0a4e7247bc6d6
SHA2562f3469af602265d9f0ece56e5f5aa9987b02d6e73408310f8f538634b44bb3f4
SHA51241ddb877a1833b3341548864a42c9871208eeca8967708233f672c881f56534a9cd045799cabd9a52fc51801923639c6f58608ee7f9001e29745fab7fb4644c8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD5299c131ab1485e09c70c37dd07a0641f
SHA1f790160b021060856f3a8869fe2cad4bc6d2a992
SHA2565b374aaf9b4799cbb97901ae691401aba8bf868559718bbb1a4653f6b822fb47
SHA51203f34841701ab4c8059396a0d4442f799b1b33414337c0a4601bc9f5df08aaca753fc26d8313999a0a74b1ec2d25e1523e93503142bd47afeec35c74f3df46c4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5d82044c2171690501c76b7e8c1b20b7b
SHA12b4f9b4c70770b0e898689edc9658103c1bcd524
SHA256169fcfce579c4dac2db9b71342a2861c889ff156c8ecb28976c2bc5158ff7b5d
SHA512150d0d385eee74d34f767fdbd7ce112c712ee30a8b2c6465ef6a7b0e0ff962d718fd6ae0bb934eb5afc024b1eb3a6c2cca4b08b7a392fec978a739ed60a6a446
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
419B
MD514d13fd670cbe6db2d3f3dc8fdc5fdbe
SHA1bd6b2fa4a30cafb9951dcecbd0c4d00e901abfed
SHA256a52513822ea7b5675386101972403f44f719b7b3bfded5c317a2632f181ee26c
SHA512f2e8f5ba5b0c2c5713ff3e9752993fba9e552cc8e62f0a6accca54cf0e30f49974af49572ff8f8aa1658fe4c920554703872ff3fb204a257187b5b420aaf37c7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD50beba3eb17a3bf0ae422492b42171351
SHA1ad437de1e8b97ebcaaa31aa9d2ce3fb98c27e297
SHA25643087273b5c6caf61b0a884ad42a62fd5f5c9ccfe861169e1d6aaa96e1085af6
SHA512cda11f24f1f1fcbd896774916b62a00a83cc4dc6c455ea4c401900bb9f2a624fd44dbcae78179819e1f1033ae6994892c5ae3bb1e39c065c53b2c26e55c6222d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5afa5bfc350fbd1b6bf5a4dbb8301cd0f
SHA1aa81ce171dd5ed60487b1928e44ea84a0abebd81
SHA2565d206857b2bf94e6085399c661e3a74291c350182ff9c354397df95bc9a24fdf
SHA512ab697bd862bebfc0cab153c46ffae8184d4af9cf27941b6f0ff1fc3dc773c81e3eb01e3f974968a4330cec4bfbfdb0d85ca8c318d8804e698d4a5b45eb9c8b19
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD51a182bc5ccbf74c86598243d2da88817
SHA1367449844a844df56a69e729c49be00b3179bedd
SHA256000ac5734f63445ac26aaa8d1af056010172a75eb3f6c78bede73ec75593e83d
SHA512f3be5f37b3bc4ddb386fcd28d64f8a6f8446d40e7242493880b11a1f408c8f4d90d8bb3091800585b32d4826f3f069a40e3ab28e1efdd4aa5bd69d03c0279dbe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD53b510d090b3331ecb6d518fd5bfd3883
SHA14ce831e06634234bd15606ad068129474f327447
SHA256e93567e2a9519a4d7ce7c7a47b44017e4ff0c09649232f1bea871b7d2c23f848
SHA512784ddb7f068d738e17d182c6aa49fed9497573bb719df6f65a13328d4df75b6811154a98e13c15102d7fe9320abe29aed802ac283fc761c5a39ac75408760dbe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5518390246860f1aad1804f733deaed5c
SHA129bf0a1c7ba36d556949e889c53ebdf3f6e640d2
SHA256b53e21f6c4cf1c9ddc870c7fa152558daba3bbe0f198bb5f4649be04c4821f89
SHA5124fef384fd25dce931b93f87186d838afa5f5f5a4285386689f08dcd9a6cda4e1f5c39b1a6e3640ef978d471c6ee9e4e6b69c8d857c49f8a079f40f534ed25d02
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5b9af97cfe46fe0ef02dc1884c1dc47b2
SHA172a64d06e4b6542823fdff993026df0bca2b4924
SHA2566a786b60010b193bd19a7118bcccfc19933f0291d12e757867cbb7a72d0336c2
SHA51295340763303767ca6e176a764256e128a7ad48296a92ef760d99f945c32d105f65b69b29e244ae23206b93b1aae34abf25c6284d11417fcf964f765e2a2624cf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD55b57f4d9d2d00d0166430b6199757afc
SHA1752f4840b18a1c9511925b0bd0b93635decc012c
SHA2567df6b264fceeff197bfb78c7c3187f305fb098c6be3cfcf1ca5aee15c93e8632
SHA512c3bf6df96aaf4f45198801a28875cb0cae5965509a865f35e94d00f83d10436cfbb24471bb8a7416d5bda763afd75a31a752af38e14341586064e8934169cc81
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5ea4720ddf1990360676e933f01a56dc9
SHA196cf320dfa20c81637933498fb8f46eaeeebd446
SHA2566de30d04ad78c1a916a3fe41684a131fd3066345f2032d2df03f2f4f278c46fb
SHA512dfc1253f0f1f128d5f79ebf7189557ab143bba6500f01606a81f1fee6d22433ca9ba9385b78f730ba386b0fa6ac3ac425b308c120de5cf3fa5b0d2d58bcf3f9f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5de4484e2b112460610beb930de2bf1db
SHA132e96bd2bda9cb8fcc8c532c9cc30cd91cbc42db
SHA2565a0cd41c22dd4706b7d2d31b047fb098b31c64c1f06426c7bbd212322675e43c
SHA5129560241c5a3c083a055e3803531cad000874b8aa98cfb1fc9c72d1afa197c815e7329ba2f87b219535a57c0618815102d34ca3b8e2809b7822523c15aa32ca75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d5b70669739b05ea5e19b9bb7fdabacf
SHA1187a4e3ace12ee01ce11e76da4a20ff7c47f6937
SHA25617df4ed0640598b4df2d8e350d550130d309ddac6524831b97808d8c7ca2e2e8
SHA512d26a1aeb90005babc062d226ebe58975fd21d58bfae5f6472e11957d69870c82c6e1bc65e6f49340755ff6c8bd6a9403940548da52a912a5f171680744b7794f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD5a4a22197d5fe861993f4ca6fa062b0f8
SHA1f097bcd9b3b08e2162518231554080d9a9472a58
SHA256cb5f9616b241ea58ac7b7c67f60f71c500bc07cc80de6740f064bc096dc6248c
SHA5120dae26028e8f75826834da0ca50ef092afa056e3c420c1826017d4067d038ff13e6beb305fdd98598c64c2755939398516cc4619e6a8a38fa057914e66f96375
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ab44.TMPFilesize
48B
MD54e100706e4904daf4599910c031b6d39
SHA127c9c8bc2afad1e019379552eb1cc97bb0bcd267
SHA256773f98999100a739c41b841ab81928e9e547b29a55234551d065f421dd120c80
SHA51255453001fbb116e0dd8d6a99dbbdccb28dc36bbab7e4fababf5502a179e81fb51c5e9b5d2938768b117dce24b4421fa61d8dc653f09e1989b4e6354083c4d302
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD52435fc9c9269a02e5f8ab77c7c07ec4c
SHA1f7c3d0e58bdb84b60451efa29531f6cd28b3643a
SHA256480262ac2f1676bcfa9eded6c4fc6e195082563e9b523d22f60cff3db81a2ec0
SHA512f19852945abcd261a8c7942508b1884b6df019c0c92e4aaf70e5d004112fee9f2d9f499b44cb669b281d57906af365c5f69f07577ff6521c95df7d2558490ceb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD509ca89f98214aad632705a15f3793c8d
SHA1cc351ae35a14abba94a71b24e11d20dd93711e14
SHA256ee7953022736deac97881db2f8b7e26a9cefd1cc4cfdb3294347a9425304b99f
SHA51235926d055a5e86914d2e1f540c2d4ed6daa537e216991cf136a2f85f6bfaa1b00b0e565299765b9a5f96f1ded76f45a281c9cbd4efa410e4172dbd21402c3597
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD539a7bab32cf474b112b6e571b67e45c0
SHA1bddc4bc89b75ba02f4beb80bdc8cfe0108ddca34
SHA2566e772738658854b8013d4988e85e19a7519a54ebd7cb59de5be16b5ce461bebd
SHA5123ab9a36f9aa1277810bdf049f3555c1057d7222e08b92bc9d6111e2be046c58677be1d8b1fca608260b9901f6195710d064dc174ab8917ac371d3636efe16690
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
371B
MD50cef451b029aea5654d1f32cab6d25f3
SHA16dee23d2ad979507546949398ad709780d2a5ecc
SHA256e3c70558d333053e0a25cd99f9a4c61855944ad0f53ebdd4ec85dc306a4dc293
SHA512aeb2457380c76cb4ad66dc189b2be13594b5da432b0680b888b2b7241506e604764861b9a964b33ea544b9f2e9cab597b1a0ed7c47260ddb72a1192b5abc74df
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5825b3.TMPFilesize
371B
MD596796501fb797566929149becf8243f5
SHA12532cb0b85905136509f22382a6acb4cd90282e3
SHA25699813f3dfa7911805c99f57f214818f72dbd474e71ecb349f490f0746777db56
SHA512685e6488e88b4da1f65728ce3e959fe3d145a23c0c1b6b40e33c2d5a21fed32e87e0ab91a97a4b5f0a2aee435673af0164a71857f9fbfafbcacdfa3babccb6fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD51bf34d92850a2fbc6127cee4b884403b
SHA134efe278c8145fb502d5c6f7bf2382d8d26f5abf
SHA256e799a914557b2e56cc0b982b5aed379ab2cb989be8aa54726b2ad7acaf03aef1
SHA5127cac51bedc2651888c0df6979656197a04692a676a7dec6052bf4ae65e0f29efff6cc01221382bff597973e429c9f051675021acb78a9faf4b061f5452b9fa0c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD58378cfdfec157f601f4b509bf1d03780
SHA162e63a459519328d1de0fc310da88bcc5fff6325
SHA256b2d40f4d29967eb09fa9e614ce99039200d678b4565be220784d0d5250790ccd
SHA512e8af2031e16aae42ceb9a0f3c38df5975bf51aa8139b586d3bf1233cbf242c7a77ba999b8e5445f46fdef946980b9a715ce605febd16051ebff6e38e5d932f3c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5a0fef964359b09549ba91d17d4323a93
SHA1d9097ffee0af9a5f749192b97bfaadf3de648020
SHA2567cb01f05809700e087b0d4e5cdf850dfbec799d3ed2d1583561b4fdbe9c63506
SHA512c09b38472efd64112b78d42e7c00426a7157eceead359b6627388b39cfe1ef93b314302a43105c523311c9eda0d3fde871c5f270035a0fb62b227f7e7afc4157
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5a62600622dde70c55df03f99824db30a
SHA1aebca412fad6ac05c129437443a313e328050017
SHA25618ced5c76e3d92f7c5054522669e6a2c02607285d83c87079d77822779f00315
SHA51220e79804f6f53ad41914442d24a53169f30884682b862045932c33b7cd82bd06511698cff939d49a615b354583d4d3e79b77f3995aa7ce9c9a284f04b654e2fb
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\10KQH7L4\account.live[1].xmlFilesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_Core_SDK_3.1.417_(x64)_20240622150529_000_dotnet_runtime_3.1.23_win_x64.msi.logFilesize
3KB
MD52e9040d53b4760fcfd1e7e689088ded7
SHA1432e37e0e9905942fdbe4dbc969599e3fd35492d
SHA25657569983f2322c69735300700703cc6f46ad5997172eb0f1422775ab1ef8865a
SHA512708329b94d716680c091cc94654d8b7771ddde34be7ecaf96906dca5aafb05914bf5f03433b2fc08aa6de04262950c85f6d54e2397de88fee760adae434ebdc3
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_Core_SDK_3.1.417_(x64)_20240622150529_001_dotnet_hostfxr_3.1.23_win_x64.msi.logFilesize
2KB
MD597d938698a9c0b2fd2d3ee3f3a9953c8
SHA1ab66066f185ed9765dfe253e789c5c949d51498e
SHA256157f244e791784343034b9029b58e7f289900139b78817a455699f67c7b19b43
SHA512ae0afd41ef0d26d8a2384aaf4e5c375474a498e13a7d15d3846bbf2c063b0ef20388f27f3d2f87e60f1d91c8d7eaf4b8ec565d3cd1d66b09eecd9c4d92f621b0
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_Core_SDK_3.1.417_(x64)_20240622150529_002_dotnet_host_3.1.23_win_x64.msi.logFilesize
2KB
MD56a597514dd09ef62b41c6a2223053a45
SHA1440267b8a5c4af1798cec57f4d20443a5e96cd55
SHA256999aafff897ac14224d245a3f7cbfde92dbf83ed1de58d9359d037ee081b6449
SHA512c25f8257ed6c2a12589be5e03af7b51dff3e32463b6d1c2661600cedd98654e5fefb071d2bd16dfdce7d54f5f4026531d19a508800b6f8eef27dec6c5b74f904
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_Core_SDK_3.1.417_(x64)_20240622150529_003_dotnet_targeting_pack_3.1.0_win_x64.msi.logFilesize
2KB
MD59a44b9dc31d53b78fea4d97703ccc61c
SHA1403bf2b16fd3f261a32ca38e7a083310d685fc03
SHA2561a7e7a289381a76d54d2f086fe2d8d0881636d1f5cef54ee43d8fd0f5ec281d9
SHA512a0e47a152784c837a9d331421ebbb70c084a262cf0332dc2708ef35ee86d08562756362436a9c21a7b70f29935f1fd40f8333858f7948f456a386b5d18f8c230
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_.NET_Core_SDK_3.1.417_(x64)_20240622150529_004_dotnet_apphost_pack_3.1.23_win_x64.msi.logFilesize
2KB
MD5869c51605ec6703a0e7ec4e840dedfe0
SHA1063624748725375d968e13db55e014a7afcccd3d
SHA25695d775ad873341a71b88e2ff3dd28790753f0b2a1e9e3ba4ff0e13b19a770790
SHA5125ba5a5e799d23de7200ef70c31e2de47764fcc62e5c86fb939a98ed476e2694a9c8c561515677aae095e500ecd189f476fc2b43cb14b133df4e1884bc5423d08
-
C:\Users\Admin\Downloads\Rift-2.2.1.0.zipFilesize
7.3MB
MD5fc332b7d4d15da6be0615be37e280789
SHA15e93ce41c14a784734c381ca49385a2c57130995
SHA256837ec0e9287fcb56331695971c618ce18f14dff0107ccd5749bd51c75bccc6d6
SHA512962ab673d36d3e3856fd3ec5de3671eeb9c11039e34d988b98765d42f6b75ab460ee83ad32d6bd39e21ecb01b6a0758caca19956a7a33543e25810497ddaea27
-
C:\Users\Admin\Downloads\Unconfirmed 456478.crdownloadFilesize
1.6MB
MD5db7fb67fcec9f1c442de25f3ad59f50c
SHA1b600aa26d1cded59760304c6d77f4ff75722eabd
SHA256c227208854734bbd38c9f74f39034111733da5c7ce71515b1610aedd79417f9f
SHA512c14ec7d252a6f201dfea476d302fbc5140713cb4ea7bc8d4e610bfd806b3fa3c141153e2e9b8cb36255fba1fab4d4400ed83f5f5c1228d77d77bace41d5de7fe
-
C:\Users\Admin\Videos\Captures\desktop.iniFilesize
190B
MD5b0d27eaec71f1cd73b015f5ceeb15f9d
SHA162264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA25686d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA5127b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c
-
C:\Windows\Installer\MSI2645.tmpFilesize
202KB
MD5b2052adb8202ed24034dee4cc7bb8515
SHA19cab6ba0a629f26a0031ef7aa47f7a25eb7093cb
SHA25620056d3a5c6115fae1c4169cd5e236897215b340cb1feac71ec8297191db76b9
SHA512f8ace80d9042f9a66c5db6f5caa4e8237b4fa88b9e3fb25845313b531e8b9e38b262f5a4c74ece0d273cdc2e0017af0b046744d620feb36c2ae81c94ea1a022b
-
C:\Windows\Installer\MSIF26A.tmpFilesize
225KB
MD5d711da8a6487aea301e05003f327879f
SHA1548d3779ed3ab7309328f174bfb18d7768d27747
SHA2563d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\.ba\bg.pngFilesize
4KB
MD59eb0320dfbf2bd541e6a55c01ddc9f20
SHA1eb282a66d29594346531b1ff886d455e1dcd6d99
SHA2569095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
SHA5129ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\.ba\wixstdba.dllFilesize
197KB
MD54356ee50f0b1a878e270614780ddf095
SHA1b5c0915f023b2e4ed3e122322abc40c4437909af
SHA25641a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104
SHA512b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\AspNetCoreSharedFramework_x64Filesize
7.4MB
MD5d34d4f1d159116e71a7e1872f04cd21d
SHA1a97e6da8ebfb7b76308d2f455ebb45558d5d4fd4
SHA2567d811d61fd5e7d4ddfd36d74c840251763727a777e97e7bccdb0cb490bf97c14
SHA51271094f94f1f23a8388802673d580fb77d428c4e4e7a238e8d028610adcccb05b33042470f7b00d184de3acf3237cb7a8cad5bf8b08bab966713bb269f35d0886
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\aspnetcore_targeting_pack_3.1.10_servicing.20520.4_win_x64.msiFilesize
1.7MB
MD515e6242bc595221796db260f2272d6c8
SHA156459d67eea54046252ed6bc20c12feed8ac4049
SHA25695c883c38b35bf3118fb7ede1940d7b29216e2c85ceeddaea23d898f02cf1d35
SHA512e033b62e1750d801a4d2158e5a0fe64b053b582467a0e361acd24d58f298c2a53cce880dd0dbe8209965200fe9c7ff4eea1d9c8b96b3118bb1256f9db157c7f9
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\dotnet_31templates_3.1.417_servicing_015931_win_x64.msiFilesize
2.3MB
MD5b579f4236fb254d81cc95d765820e6bd
SHA14b26c4489851f2a714d69d79e1b3638b1056849c
SHA2567f5bfe739426cb761ce0faeab459af18e99b5a09d85901c8b61cd6bcd18a33bf
SHA5126d6d476973ca54a8e28e8c5d88542153f26f2858657327f4b0900e77df7dc2a0f051a37dc3ba88cb6e884e54c0fdfee7a6bb2530f46dea9933440e4b2a8e238f
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\dotnet_apphost_pack_3.1.23_win_x64.msiFilesize
916KB
MD5a5d8e81fd1eae020ecc975d3f2878236
SHA13d4564cb9ed673ab54d294b57cdad9eb2be2f74a
SHA256705649e276ac73c5f0b6eb91c364c896a4cccb75d74076ee2731a48e6462c482
SHA5129491f7e4d9c299a67f12a42c3b455809650f3c8d5b0e139413c7fac39e99e8502024bcd06da35e5267be204578d77e68091609daafc04db22bf569c52dd430a0
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\dotnet_apphost_pack_3.1.23_win_x64_arm.msiFilesize
884KB
MD50443c39c5e8a534248196e431ec4a0f3
SHA1d0613deffe00af434a8be442aaa0f2b9cb9d880c
SHA2569c1ac294893d07c9113ca253511af0efe8dd285d4ddc76bd11892420a5e25a52
SHA5129cfcd19e26468d677e421b5aab7d834a0588e2b7c55559a0b09c16f36b8e305e229460ca995c932b766a06682c5f0b5db4baae44e9371d084122b2c895ee040d
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\dotnet_apphost_pack_3.1.23_win_x64_arm64.msiFilesize
884KB
MD5d24647a56bfcc464f349994dc23f33ac
SHA14a889768ed3f37ad51463a4b1f428be00468cb26
SHA2564513f2d16e37c56cf6ca702338548ede3edff3c98c6e8beeae7745484aa41e55
SHA512065a99915bd1812917b98a323d276b331be8436c2f5e11e89b196945b87bc0bbd544b5caf039513670bcd483f1be7891cb61fb6f97caa6ea2e20abcabca28138
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\dotnet_apphost_pack_3.1.23_win_x64_x86.msiFilesize
880KB
MD52272ab912f4e8b99030d8921b2cee8f3
SHA1a10267cb8e5b416350ecf745e7ca51481f84e5e6
SHA2560a8820aa0387e94a7a88eea93745274ab61f1b3d2dae13facb6f92909e5333ff
SHA51231b2ec049bd6954f74a654aa55ceda93147ca9f83ab560be2ef1997c2dacc22cac53dc3a6328fdd4ec3350b32c693a29e07b71a68d330043ba26909b3a0be478
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\dotnet_host_3.1.23_win_x64.msiFilesize
736KB
MD5aceda5df5ce45a37b8c490c1f0d01dd0
SHA12c6a116000797a07d6816d7bb3ec841f11a1a9e3
SHA256237715d70986cac351308471e9c3b1a0280112aa6a95589cafc64d3b6c97370a
SHA512d7a3e0a7c317edbaab3b447f9d17c5a11d15b745a3c389a679bc9c2a12d87695ef20131f8ce857821280bb71f9770e2b0b28e3fb8872cc1a5b006fc5f5f04415
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\dotnet_hostfxr_3.1.23_win_x64.msiFilesize
876KB
MD5bdac47081ffc5138218a4b915292be40
SHA128e110d0341135f83f9a387835f6a9ce2e166963
SHA256e144502d8e1a0e48149d9108e601a916a6c0bacc6580a412d95d385b1c0f67c2
SHA512165db17a407f3dcfb0c97175c355b8621f3a8219d1aaf814bb4d377f7ab389674d8968aa1206624f1aaa2542580a900b81550ced9a2cde7fc6aee4fcddee456e
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\dotnet_runtime_3.1.23_win_x64.msiFilesize
24.0MB
MD56c0ea403d3fb2a8aa34c888d11e7fbce
SHA1e87c87c7e6d3623254a89c1d73e05bdad930e252
SHA2565987cfc1c25822049c0efc632971b79ca0e7c6c63831f59dc2711853599799d2
SHA512a2f4f2f4dbd96a000337a8709178267a4ce0c4ebd270f562a0ebc8247f18484ba9327f30fa0e576e9884c3ec055423b25d10da582dbdaca27c48838ddb26c2a8
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\dotnet_targeting_pack_3.1.0_win_x64.msiFilesize
2.9MB
MD5ad23a50ee625c2d80c0034df504978c0
SHA17f3aaf89187d5af92288e90777cee6ffcd7c48d4
SHA2563d5db01fa2190c57b265d499fb5bd7d375e458878821bab4e0b878ce8f93ef5f
SHA51227f02dbe49094f2c691aede8eb4ec81cc76913e3626a8bd181ef83f2b01b44a42862de1f6471ec844966608e04b070860afb5cff92cd2e5b59000104c6f3fa83
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\netstandard_targeting_pack_2.1.0_win_x64.msiFilesize
2.2MB
MD5584af811f7462070bd3c37d1b57f3583
SHA172444392f17cb5cecfa7c913fbb2706b5c01c242
SHA256d270e7f8f29ecf30bf4e06d21663ec1a36cfbd8d535cd1a4d011d693e646506f
SHA512ba4cfe9fff8516de39333f6d71a3baa2c3b0d1f0d53b0bc7cf4be70b8c2245a9653485f6eb2d85e36574dcb1dae9bbe4009a2a315f52b5a3710d479115cdffb2
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\windowsdesktop_runtime_3.1.23_win_x64.msiFilesize
27.3MB
MD5b4152fb7a315afa33b75af365a28ab64
SHA16fb12e36cdffc4d6267d8678c9eb5eda513771d3
SHA256c40965dad99d9833a99ad145d0d6c7565e7de5d9eac9aba911ea126efcd9203a
SHA5126bce164c2ab5805904214e2bbeddc4e4d276781abf88b6c13a3b35b55c82657b94c29ccb2da1d2e770ce2001d29524c14813d15ac3f1277f44bb00cf5431054e
-
C:\Windows\Temp\{368FB190-7207-459A-98EC-726B5E13FFF9}\windowsdesktop_targeting_pack_3.1.0_win_x64.msiFilesize
3.2MB
MD59752caa84adad4820351ff015063e781
SHA155a62e73daceac6272a9a8f997bf39d477910f84
SHA2566c00f3386f793b1d5274a51686547d24277e9233725f1a4fb67401f008590ee7
SHA512eb564ebe082cda495fac4e0a85651c642b859994e7e79de463bb32145a96a8d251a28515c3a5e985f6bed44adbdf04c83aba6bcb6683cb7a1b6f2cf4b3b89cf6
-
C:\Windows\Temp\{FE3CC186-00E9-4CF1-84B6-487E7481ACA1}\.cr\dotnet-sdk-3.1.417-win-x64.exeFilesize
606KB
MD5dc89fb275eb58a4925618726851b9939
SHA102c5e7c78307a79a3e661582ce13fae6b8367a43
SHA256cacb138abb59d520baa3dfa4d9132f4f3a9cbb042d617ecde2d691f76804f7c9
SHA5125dac4d80f25a35e9b106cd8b5126f02401d5ae437847d84e66df41c26a8aef8595f8eccbe28022ed64952960b3bfa003dcd2badc3f137a71607e67400b03711a
-
\??\pipe\LOCAL\crashpad_4476_PXHYONPMPEELNIFTMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/892-5871-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/892-5870-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/892-5863-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/892-5864-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/892-5865-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/892-5869-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/892-5875-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/892-5874-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/892-5873-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/892-5872-0x0000019705CD0000-0x0000019705CD1000-memory.dmpFilesize
4KB
-
memory/2324-6074-0x0000017474E10000-0x0000017474E30000-memory.dmpFilesize
128KB
-
memory/2324-6181-0x0000017478150000-0x0000017478250000-memory.dmpFilesize
1024KB
-
memory/2324-7054-0x0000017477780000-0x00000174777A0000-memory.dmpFilesize
128KB
-
memory/2324-6188-0x0000017478360000-0x0000017478460000-memory.dmpFilesize
1024KB
-
memory/2324-6217-0x00000174784D0000-0x00000174785D0000-memory.dmpFilesize
1024KB
-
memory/2324-6259-0x0000017478EF0000-0x0000017478FF0000-memory.dmpFilesize
1024KB
-
memory/2324-6182-0x0000017478150000-0x0000017478250000-memory.dmpFilesize
1024KB
-
memory/2324-6554-0x000001747A000000-0x000001747A020000-memory.dmpFilesize
128KB
-
memory/2324-6177-0x0000017477E20000-0x0000017477E40000-memory.dmpFilesize
128KB
-
memory/2324-6334-0x00000174793F0000-0x00000174794F0000-memory.dmpFilesize
1024KB
-
memory/2324-6336-0x000001747A680000-0x000001747A780000-memory.dmpFilesize
1024KB
-
memory/2324-6515-0x000001747B680000-0x000001747B780000-memory.dmpFilesize
1024KB
-
memory/4524-5366-0x0000000074500000-0x000000007471F000-memory.dmpFilesize
2.1MB
-
memory/4524-5382-0x0000000074500000-0x000000007471F000-memory.dmpFilesize
2.1MB
-
memory/4524-5433-0x00000000009F0000-0x0000000000A25000-memory.dmpFilesize
212KB
-
memory/4524-5365-0x00000000009F0000-0x0000000000A25000-memory.dmpFilesize
212KB
