zloader | ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

Analysis

max time kernel
1003s
max time network
987s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
12-03-2023 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_beta.exe
Size

1.8MB
MD5

3701dc535fb395d6a1fb557a3aeec5e9
SHA1

ef517659229ddc6ecfc02481c3953ac9322dae35
SHA256

ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
SHA512

20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
SSDEEP

49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Score

10^/10

zloader botnet microsoft discovery evasion persistence phishing spyware stealer trojan

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

RobloxPlayerBeta.exe

description pid process target process

PID 4924 created 2844 4924 RobloxPlayerBeta.exe Explorer.EXE
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader
Downloads MZ/PE file

description	pid	process	target process
PID 4924 created 2844	4924	RobloxPlayerBeta.exe	Explorer.EXE

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Senas Whare - Linkvertise Downloader_r-0kmm1.tmpRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeKrnlUI.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	Senas Whare - Linkvertise Downloader_r-0kmm1.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation	KrnlUI.exe

Executes dropped EXE 41 IoCs

Processes:

7za.exe7za.exeKrnlUI.exendp481-web.exeSetup.exekrnl_beta.exe7za.exe7za.exeKrnlUI.exeFluxus V7.exeFluxus V7.exeSenas Whare - Linkvertise Downloader_r-0kmm1.exeSenas Whare - Linkvertise Downloader_r-0kmm1.tmpSena's Whare.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeZeus.exeZeusInjector.exeZeus.exeZeusInjector.exeZeus.exeZeusInjector.exeZeus.exeZeusInjector.exeZeus.exeZeusInjector.exeZeus.exeZeusInjector.exeQuickLaunch_Minecraft_Setup.exeQuickLaunchInstaller.exeQuickLaunchInstaller.exeQuickLaunchInstaller.exeQuickLaunch_Minecraft_Setup.exeQuickLaunchInstaller.exeadawareinstaller.exesetup.exesetup.exe

pid	process
4112	7za.exe
1812	7za.exe
4852	KrnlUI.exe
5912	ndp481-web.exe
6004	Setup.exe
216	krnl_beta.exe
1620	7za.exe
5652	7za.exe
1204	KrnlUI.exe
1580	Fluxus V7.exe
5448	Fluxus V7.exe
1856	Senas Whare - Linkvertise Downloader_r-0kmm1.exe
4668	Senas Whare - Linkvertise Downloader_r-0kmm1.tmp
2056	Sena's Whare.exe
4900	RobloxPlayerLauncher.exe
5368	RobloxPlayerLauncher.exe
4864	RobloxPlayerLauncher.exe
5992	RobloxPlayerLauncher.exe
4924	RobloxPlayerBeta.exe
6076	RobloxPlayerBeta.exe
1020	Zeus.exe
5296	ZeusInjector.exe
3440	Zeus.exe
3996	ZeusInjector.exe
1204	Zeus.exe
5592	ZeusInjector.exe
4780	Zeus.exe
2376	ZeusInjector.exe
5536	Zeus.exe
5476	ZeusInjector.exe
5028	Zeus.exe
5976	ZeusInjector.exe
5620	QuickLaunch_Minecraft_Setup.exe
1140	QuickLaunchInstaller.exe
6368	QuickLaunchInstaller.exe
6888	QuickLaunchInstaller.exe
7056	QuickLaunch_Minecraft_Setup.exe
6632	QuickLaunchInstaller.exe
5960	adawareinstaller.exe
1432	setup.exe
1640	setup.exe

Loads dropped DLL 20 IoCs

Processes:

krnl_beta.exeSetup.exekrnl_beta.exeFluxus V7.exeSenas Whare - Linkvertise Downloader_r-0kmm1.tmpSena's Whare.exeRobloxPlayerBeta.exe

pid	process
2268	krnl_beta.exe
2268	krnl_beta.exe
6004	Setup.exe
6004	Setup.exe
6004	Setup.exe
6004	Setup.exe
216	krnl_beta.exe
216	krnl_beta.exe
5448	Fluxus V7.exe
4668	Senas Whare - Linkvertise Downloader_r-0kmm1.tmp
4668	Senas Whare - Linkvertise Downloader_r-0kmm1.tmp
4668	Senas Whare - Linkvertise Downloader_r-0kmm1.tmp
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
4924	RobloxPlayerBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops desktop.ini file(s) 3 IoCs

Processes:

GamePanel.exeQuickLaunchInstaller.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	GamePanel.exe
File created	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Fluxus V7.exe

description	ioc	process
File opened (read-only)	\??\P:	Fluxus V7.exe
File opened (read-only)	\??\Q:	Fluxus V7.exe
File opened (read-only)	\??\V:	Fluxus V7.exe
File opened (read-only)	\??\W:	Fluxus V7.exe
File opened (read-only)	\??\X:	Fluxus V7.exe
File opened (read-only)	\??\Y:	Fluxus V7.exe
File opened (read-only)	\??\Z:	Fluxus V7.exe
File opened (read-only)	\??\H:	Fluxus V7.exe
File opened (read-only)	\??\B:	Fluxus V7.exe
File opened (read-only)	\??\E:	Fluxus V7.exe
File opened (read-only)	\??\F:	Fluxus V7.exe
File opened (read-only)	\??\G:	Fluxus V7.exe
File opened (read-only)	\??\I:	Fluxus V7.exe
File opened (read-only)	\??\M:	Fluxus V7.exe
File opened (read-only)	\??\N:	Fluxus V7.exe
File opened (read-only)	\??\A:	Fluxus V7.exe
File opened (read-only)	\??\T:	Fluxus V7.exe
File opened (read-only)	\??\R:	Fluxus V7.exe
File opened (read-only)	\??\U:	Fluxus V7.exe
File opened (read-only)	\??\L:	Fluxus V7.exe
File opened (read-only)	\??\K:	Fluxus V7.exe
File opened (read-only)	\??\O:	Fluxus V7.exe
File opened (read-only)	\??\S:	Fluxus V7.exe
File opened (read-only)	\??\J:	Fluxus V7.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft
Suspicious use of SetThreadContext 1 IoCs

Processes:

RobloxPlayerBeta.exe

description pid process target process

PID 4924 set thread context of 6076 4924 RobloxPlayerBeta.exe RobloxPlayerBeta.exe

description	pid	process	target process
PID 4924 set thread context of 6076	4924	RobloxPlayerBeta.exe	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-09990ed6-a147b962\ExperienceChat\Actions\BubbleChatSettingsChanged.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\LuaProfileDeps\LuaProfileDeps\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\JestGlobals.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\FriendsCarousel\Components\Carousel\getCarouselFetchingStatus.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialChatToast\SocialChatToast\Toast.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\textures\ui\LuaChatV2\actions_notificationOn@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameDetailRodux\Result.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\VirtualEvents\enums.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\Rodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\advancedMoveResize.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\ui\scrollbuttonUp.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\ui\TopBar\HealthBarBase.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\Dash\Dash\mapFirst.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\RoduxProfile\DebugUtils.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Control\Slot\SlotTray.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\AddFriends\AddFriendsContactImporterBanner\AddFriendsContactImporterBanner.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\NetworkingVirtualEvents\NetworkingVirtualEvents\requests\createDeleteVirtualEvent.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\StudioToolbox\AssetPreview\vote_up.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\ui\VoiceChat\MicLight\Unmuted0@3x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\Collections\InstanceOf.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\Object\assign.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\JestSnapshot-edcba0e9-3.2.1\Promise.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\DiscoverabilityModal\DiscoverabilityModal\Analytics\Enums\BtnValues.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\TerrainTools\icon_tick.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Flags\getFFlagSocialTabUseUIBloxCarouselForFriends.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\Debugger\Breakpoints\breakpoint_enabled@1x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\utilities\concatAST.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Fetch\Fetch\AbortSignal.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Http\Http\Requests\ThumbnailsGetAvatar.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\VirtualEvents\Reducers\experienceDetails.impl.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-aa874f8b-86a611f7\RoduxFriends\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\FriendsCarousel\Flags\FriendsCarouselIXP.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\MaterialManager\Apply_to_Selection.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\ui\Settings\Help\XButtonDark.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\ui\TopBar\iconBase.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\link\core\execute.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\utilities\globals\DEV.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\validation\rules\KnownDirectivesRule.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\Expect-edcba0e9-3.2.1\RegExp.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-09990ed6-a147b962\ExperienceChat\getOtherDisplayNameInWhisperChannel.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-09990ed6-a147b962\ExperienceChat\installReducer\CanLocalUserChat.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\RobloxRequests\RobloxRequests\src\response.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\LuaSocialLibrariesDeps.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\DeveloperFramework\Favorites\star_filled.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\textures\ui\LuaChat\icons\ic-more.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\NetworkingCall\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\roblox_networking-chat\networking-chat\networkRequests\createGetRolloutSettings.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\roblox_networking-chat\networking-chat\networkRequests\createGetUserConversations.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\TestEZ\TestEZ\Expectation.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\content\textures\advClosed-hand-no-weld.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\Picomatch\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserLib\UserLib\Actions\ReceivedDisplayName.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\JestEnvironmentLuau\JestMock.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\JestReporters-edcba0e9-3.2.1\JestReporters\getSnapshotSummary.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\TestUtils-edcba0e9-3.2.1\TestUtils\config.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\Utils\Utils\observableToAsyncIterable.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Analytics\Analytics\AnalyticsReporters\Influx.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VerifiedBadges\VerifiedBadges\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\cache\core\types\DataProxy.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\DomTestingLibrary\__tests__\element-queries.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-e5bec545-6ef031c0\RoduxFriends\Reducers\Friends\byUserId.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-e5bec545-6ef031c0\RoduxFriends\Reducers\Friends\requests\nextPageCursor.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AppCommonLib\AppCommonLib\Signal.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\Analytics\DiagEvents.lua	RobloxPlayerLauncher.exe

Drops file in Windows directory 19 IoCs

Processes:

svchost.exeSecHealthUI.exeMicrosoftEdge.exeRobloxPlayerBeta.exeQuickLaunchInstaller.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeSecHealthUI.exesvchost.exeSecHealthUI.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\INF\netrasa.PNF	svchost.exe
File created	C:\Windows\rescache\_merged\4272278488\3302449443.pri	SecHealthUI.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\INF\msmouse.PNF	RobloxPlayerBeta.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch.new	QuickLaunchInstaller.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4272278488\3302449443.pri	SecHealthUI.exe
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\rescache\_merged\4272278488\3302449443.pri	SecHealthUI.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\assembly\Desktop.ini	QuickLaunchInstaller.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\assembly	QuickLaunchInstaller.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch.new	QuickLaunchInstaller.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 4 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3488	5748	WerFault.exe	SecHealthUI.exe
2636	2064	WerFault.exe	SecHealthUI.exe
4412	4828	WerFault.exe	SecHealthUI.exe
8	2056	WerFault.exe	Sena's Whare.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exeGamePanel.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exeSetup.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeFluxus V7.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Fluxus V7.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Fluxus V7.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 15 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeMicrosoftEdge.exebrowser_broker.exeMicrosoftEdgeCP.exeRobloxPlayerBeta.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

svchost.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeRobloxPlayerLauncher.exebrowser_broker.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeRobloxPlayerLauncher.exefirefox.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 84a3779c5945d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "376"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{7F7E7586-6EDC-47F2-AFCD-92C317214B4 = "8320"	browser_broker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2237f76d2655d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{BEBA5869-5F7B-4A2A-AFE1-B8BCCE04015A} = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "122"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "392"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{7F7E7586-6EDC-47F2-AFCD-92C317214B4 = 0114020000000000c0000000000000464c0000000114020000000000c0000000000000468300000020000000542af5662655d901542af5662655d9016f6402672655d901e04816000000000001000000000000000000000000000000a10314001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800b0003100000000000000000010004d6963726f736f66742e4d6963726f736f6674456467655f3877656b796233643862627765007c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e004d006900630072006f0073006f006600740045006400670065005f003800770065006b00790062003300640038006200620077006500000034005c0031000000000000000000100054656d70537461746500440009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000540065006d00700053007400610074006500000018005c00310000000000000000001000446f776e6c6f61647300440009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000044006f0077006e006c006f00610064007300000018006a003200e04816006c56b5a820004e44503438317e312e45584500004e0009000400efbe6c56b5a86c56b5a82e0000000000000000000000000000000000000000000000000091b2a0006e00640070003400380031002d007700650062002e0065007800650000001c000000a40000001c000000010000001c0000003400000000000000a300000018000000030000009df20d811000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e4d6963726f736f6674456467655f3877656b7962336438626277655c54656d7053746174655c446f776e6c6f6164735c6e64703438312d7765622e657865000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a05800000000000000796a69796b656262000000000000000068e46ec9e9e12446b6e7e18c11a9ed3fdff2655a5db1ed11a854ee854b86f7f968e46ec9e9e12446b6e7e18c11a9ed3fdff2655a5db1ed11a854ee854b86f7f9ce000000090000a08900000031535053e28a5846bc4c3843bbfc139326986dce6d00000004000000001f0000002e00000053002d0031002d0035002d00320031002d003600340030003000300031003600390038002d0033003700350034003500310032003300390035002d0033003200370035003500360035003400330039002d0031003000300030000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d0000006800000000480000008a1eacd9000000000000d01200000000000000000000000000000000	browser_broker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000b1e45fadb1f4d81e3781aa22aaa86f64c1cca275768cf14366c9fc02c09ee478627b702b4ed15110680a4f83f7abe0409ee36712f8e7f158b8d7a5823b146e44b63a825c26330e6942052ab8fc5b70d0b8f34b133558589a86a67800dc4690d7abc2fbff4d3a79e1ea10b7c1c2d834997d9c5f504cfd1a3adfd6fdb82656d40b51b4ebe0d005381653cd843dca426251657e2b6694f7c12e6e087469c9620fc7b8ae38e9d6b6105f80da0c77e4b9b8557e39104a99667f701cda1497728ccd26165221bd4d6c20f194d9e0debc5d4bf2746d5f73626b3f867aeddeee8ff25667b83e84ea6a477f5409699dc7a74ec27c5cba918e6c2423637fe1a5a946b6a2a7f1137ba8f0665b27f329de8c9eac753b75c0bec78eb2e28f8856260cb9f65c7a7772f923d1ebd036fcbb80d59197af1b801e389d8f35baa9aeeca1ee35d49644fef9e35ebdf57cdc30bea1699b2f5940b676394810ce242f85439a57ad6e4e720f4adf9f07a4dab7a6d13a127995e053d8676fb4e99bbd9a6dfcc92714e64e70e203426f651837b2f0968e8b77e71bb4a7914f02dabdd6d022e3ec958d39d5e58d8efb03eb14	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-7b56ddc3755a46c6\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "14"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\y2k06.xyz\ = "0"	MicrosoftEdgeCP.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

QuickLaunchInstaller.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	QuickLaunchInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	QuickLaunchInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	QuickLaunchInstaller.exe

NTFS ADS 2 IoCs

Processes:

browser_broker.exebrowser_broker.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe.saesgj1.partial:Zone.Identifier	browser_broker.exe
File opened for modification	C:\Users\Admin\Downloads\Senas_Whare.zip.r43h8jo.partial:Zone.Identifier	browser_broker.exe

Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 791 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

5992 vlc.exe

description	flow	ioc
HTTP User-Agent header	791	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

pid	process
5992	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Setup.exechrome.exechrome.exeFluxus V7.exeFluxus V7.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeSena's Whare.exe

pid	process
6004	Setup.exe
6004	Setup.exe
6004	Setup.exe
6004	Setup.exe
6004	Setup.exe
6004	Setup.exe
6004	Setup.exe
6004	Setup.exe
4344	chrome.exe
4344	chrome.exe
516	chrome.exe
516	chrome.exe
1580	Fluxus V7.exe
1580	Fluxus V7.exe
1580	Fluxus V7.exe
5448	Fluxus V7.exe
5448	Fluxus V7.exe
5448	Fluxus V7.exe
5448	Fluxus V7.exe
4900	RobloxPlayerLauncher.exe
4900	RobloxPlayerLauncher.exe
4900	RobloxPlayerLauncher.exe
4900	RobloxPlayerLauncher.exe
4900	RobloxPlayerLauncher.exe
4900	RobloxPlayerLauncher.exe
4900	RobloxPlayerLauncher.exe
4900	RobloxPlayerLauncher.exe
4900	RobloxPlayerLauncher.exe
4900	RobloxPlayerLauncher.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe
2056	Sena's Whare.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

vlc.exeRobloxPlayerBeta.exe

pid process

5992 vlc.exe
4924 RobloxPlayerBeta.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
636
Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

928 MicrosoftEdgeCP.exe
928 MicrosoftEdgeCP.exe
928 MicrosoftEdgeCP.exe
928 MicrosoftEdgeCP.exe
976 MicrosoftEdgeCP.exe
976 MicrosoftEdgeCP.exe

pid	process
5992	vlc.exe
4924	RobloxPlayerBeta.exe

pid
4
4
4
4
4
636

pid	process
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
976	MicrosoftEdgeCP.exe
976	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

krnl_beta.exe7za.exe7za.exefirefox.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exesvchost.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2268	krnl_beta.exe
Token: SeRestorePrivilege	4112	7za.exe
Token: 35	4112	7za.exe
Token: SeSecurityPrivilege	4112	7za.exe
Token: SeSecurityPrivilege	4112	7za.exe
Token: SeRestorePrivilege	1812	7za.exe
Token: 35	1812	7za.exe
Token: SeSecurityPrivilege	1812	7za.exe
Token: SeSecurityPrivilege	1812	7za.exe
Token: SeDebugPrivilege	220	firefox.exe
Token: SeDebugPrivilege	220	firefox.exe
Token: SeDebugPrivilege	3556	MicrosoftEdge.exe
Token: SeDebugPrivilege	3556	MicrosoftEdge.exe
Token: SeDebugPrivilege	3556	MicrosoftEdge.exe
Token: SeDebugPrivilege	3556	MicrosoftEdge.exe
Token: SeDebugPrivilege	3840	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3840	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3840	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3840	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3040	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3040	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3556	MicrosoftEdge.exe
Token: SeShutdownPrivilege	3840	svchost.exe
Token: SeCreatePagefilePrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeLoadDriverPrivilege	3840	svchost.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

krnl_beta.exefirefox.exevlc.exechrome.exe7zG.exeFluxus V7.exe

pid	process
2268	krnl_beta.exe
220	firefox.exe
220	firefox.exe
220	firefox.exe
220	firefox.exe
5992	vlc.exe
5992	vlc.exe
5992	vlc.exe
5992	vlc.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
6036	7zG.exe
1580	Fluxus V7.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exevlc.exechrome.exe

pid	process
220	firefox.exe
220	firefox.exe
220	firefox.exe
5992	vlc.exe
5992	vlc.exe
5992	vlc.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

firefox.exeMicrosoftEdge.exeMicrosoftEdgeCP.exendp481-web.exeSecHealthUI.exevlc.exeSecHealthUI.exeSecHealthUI.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeRobloxPlayerBeta.exe

pid	process
220	firefox.exe
3556	MicrosoftEdge.exe
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
5912	ndp481-web.exe
5748	SecHealthUI.exe
5992	vlc.exe
2064	SecHealthUI.exe
4828	SecHealthUI.exe
2380	MicrosoftEdge.exe
976	MicrosoftEdgeCP.exe
976	MicrosoftEdgeCP.exe
4924	RobloxPlayerBeta.exe
4924	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

krnl_beta.exefirefox.exefirefox.exe

description	pid	process	target process
PID 2268 wrote to memory of 4112	2268	krnl_beta.exe	7za.exe
PID 2268 wrote to memory of 4112	2268	krnl_beta.exe	7za.exe
PID 2268 wrote to memory of 4112	2268	krnl_beta.exe	7za.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 2064 wrote to memory of 220	2064	firefox.exe	firefox.exe
PID 220 wrote to memory of 760	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 760	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe
PID 220 wrote to memory of 3932	220	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2268

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4112

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1812

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
PID:4852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:2064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.0.403840132\683308030" -parentBuildID 20221007134813 -prefsHandle 1656 -prefMapHandle 1644 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be679522-f8ca-4666-a3b0-1e21cd525357} 220 "\\.\pipe\gecko-crash-server-pipe.220" 1748 1ca0822f458 gpu
4⤵
PID:760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.1.146928741\1790902392" -parentBuildID 20221007134813 -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b94b55a-0203-4495-92eb-85e2be31afd3} 220 "\\.\pipe\gecko-crash-server-pipe.220" 2104 1ca08615e58 socket
4⤵
- Checks processor information in registry
PID:3932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.2.210082545\1693878986" -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2864 -prefsLen 21052 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9ea7624-1d0c-479a-9c2b-12ac8e2beb0c} 220 "\\.\pipe\gecko-crash-server-pipe.220" 2808 1ca0b224258 tab
4⤵
PID:3748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.3.1394623334\1946653601" -childID 2 -isForBrowser -prefsHandle 3272 -prefMapHandle 3268 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27ed337b-02b7-440d-9aa4-279ea23fc3e2} 220 "\\.\pipe\gecko-crash-server-pipe.220" 2260 1ca09afb258 tab
4⤵
PID:2016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.4.1345732976\1291352675" -childID 3 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a77735d3-5e24-4287-b406-7569aae80b0f} 220 "\\.\pipe\gecko-crash-server-pipe.220" 3288 1ca0a066e58 tab
4⤵
PID:4660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.5.1949320111\1590317565" -childID 4 -isForBrowser -prefsHandle 4932 -prefMapHandle 4928 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {424e82dc-ac0c-4611-a9ff-750ff9d7e340} 220 "\\.\pipe\gecko-crash-server-pipe.220" 4940 1ca0d74af58 tab
4⤵
PID:1792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.7.1597163157\249455947" -childID 6 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {675aa356-0084-4140-a5a8-99b362ef35f6} 220 "\\.\pipe\gecko-crash-server-pipe.220" 5124 1ca08859e58 tab
4⤵
PID:1600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.6.1876251299\1546926983" -childID 5 -isForBrowser -prefsHandle 4844 -prefMapHandle 4800 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d423329-a26f-4fbe-93aa-a17856550ca8} 220 "\\.\pipe\gecko-crash-server-pipe.220" 4780 1ca0885c858 tab
4⤵
PID:2196

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\EditStop.wav"
2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffed3d29758,0x7ffed3d29768,0x7ffed3d29778
3⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=480 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:2
3⤵
PID:4124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5032 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3720 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4980 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3128 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3584 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5140 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5152 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2592 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2400 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4812 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5640 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4996 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2204 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4184 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4424 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:4372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5824 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5404 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5256 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5672 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:1256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4696 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2496 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5664 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6472 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6236 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=972 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=3364 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5672 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5852 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5364 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5108 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5676 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=4432 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5144 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5616 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5508 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1728 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6216 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6632 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6620 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6764 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6840 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=6316 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=6660 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6604 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=7028 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=6184 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7116 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7152 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5760 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:3740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7140 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=6532 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=5756 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:3500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=6552 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=6372 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=7028 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6896 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6668 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=6300 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5260 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6192 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5024

C:\Users\Admin\Downloads\Senas Whare - Linkvertise Downloader_r-0kmm1.exe
"C:\Users\Admin\Downloads\Senas Whare - Linkvertise Downloader_r-0kmm1.exe"
3⤵
- Executes dropped EXE
PID:1856

C:\Users\Admin\AppData\Local\Temp\is-LBNDE.tmp\Senas Whare - Linkvertise Downloader_r-0kmm1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LBNDE.tmp\Senas Whare - Linkvertise Downloader_r-0kmm1.tmp" /SL5="$80276,10376221,1235456,C:\Users\Admin\Downloads\Senas Whare - Linkvertise Downloader_r-0kmm1.exe"
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=6852 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=6444 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6628 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1492 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5920 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5844

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4900

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=1c1d562e2b76ffbba00795ff3ab1415e381b3d0d --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6a8,0x6b4,0x6bc,0x638,0x6ec,0xc2f810,0xc2f820,0xc2f830
4⤵
- Executes dropped EXE
PID:5368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=1660 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:4160

C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:iWn0uThK-V3Lh00o1UgV0kaIHTSgQc7gKjBAI2TfA0AgQjCs1wKIenQyB_D4CvK8Plsk7QhSH2B-phyX_S0DdOsMbuVzopLiCnTB3-IePbahT-BamS-AFYs5-bf2D-kcpl0NSld9SAG0em_60xp3aVbYn0WNKx_TYl5QOkmHmkaqgpMZ7FKEY0fmCZP9cPeKw2GT3ViJdrzbsjH56Mr6q6yDURDlQY64RsydPn0m4IQ+launchtime:1678655755827+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D165328547396%26placeId%3D286090429%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D4bb425da-0f27-45e1-a566-7b3a63296838%26joinAttemptOrigin%3DPlayButton+browsertrackerid:165328547396+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:4864

C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=1c1d562e2b76ffbba00795ff3ab1415e381b3d0d --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x654,0x658,0x65c,0x650,0x674,0x65f810,0x65f820,0x65f830
4⤵
- Executes dropped EXE
PID:5992

C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\RobloxPlayerBeta.exe" --app -t iWn0uThK-V3Lh00o1UgV0kaIHTSgQc7gKjBAI2TfA0AgQjCs1wKIenQyB_D4CvK8Plsk7QhSH2B-phyX_S0DdOsMbuVzopLiCnTB3-IePbahT-BamS-AFYs5-bf2D-kcpl0NSld9SAG0em_60xp3aVbYn0WNKx_TYl5QOkmHmkaqgpMZ7FKEY0fmCZP9cPeKw2GT3ViJdrzbsjH56Mr6q6yDURDlQY64RsydPn0m4IQ -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=165328547396&placeId=286090429&isPlayTogetherGame=false&joinAttemptId=4bb425da-0f27-45e1-a566-7b3a63296838&joinAttemptOrigin=PlayButton -b 165328547396 --launchtime=1678655755827 --rloc en_us --gloc en_us
4⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=5764 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=6788 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1724 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6584 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=3096 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:6548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=5452 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:6512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=6576 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:7060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=5536 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:6748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:6840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3364 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:6892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=3296 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:7072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=5804 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=6552 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=4296 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=2380 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=6508 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6492 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:5264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4880 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4896 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=7100 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:5760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=5984 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:1
3⤵
PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7036 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:6496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6484 --field-trial-handle=1752,i,9108232220373377441,17999498565818930449,131072 /prefetch:8
3⤵
PID:7028

C:\Users\Admin\Downloads\krnl_beta.exe
"C:\Users\Admin\Downloads\krnl_beta.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:216

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
3⤵
- Executes dropped EXE
PID:1620

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
3⤵
- Executes dropped EXE
PID:5652

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
3⤵
- Executes dropped EXE
PID:1204

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Fluxus\" -spe -an -ai#7zMap14940:74:7zEvent29851
2⤵
- Suspicious use of FindShellTrayWindow
PID:6036

C:\Users\Admin\Downloads\Fluxus\Fluxus V7.exe
"C:\Users\Admin\Downloads\Fluxus\Fluxus V7.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:1580

C:\Users\Admin\Downloads\Fluxus\Fluxus\Fluxus V7.exe
"C:\Users\Admin\Downloads\Fluxus\Fluxus\Fluxus V7.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:5448

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Senas_Whare\" -spe -an -ai#7zMap13738:84:7zEvent1472
2⤵
PID:4604

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\Sena's Whare.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\Sena's Whare.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2056

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe"
3⤵
- Executes dropped EXE
PID:5296

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe"
3⤵
- Executes dropped EXE
PID:1020

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe"
3⤵
- Executes dropped EXE
PID:3996

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe"
3⤵
- Executes dropped EXE
PID:3440

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe"
3⤵
- Executes dropped EXE
PID:5592

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe"
3⤵
- Executes dropped EXE
PID:1204

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe"
3⤵
- Executes dropped EXE
PID:2376

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe"
3⤵
- Executes dropped EXE
PID:4780

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe"
3⤵
- Executes dropped EXE
PID:5476

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe"
3⤵
- Executes dropped EXE
PID:5536

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\ZeusInjector.exe"
3⤵
- Executes dropped EXE
PID:5976

C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe
"C:\Users\Admin\Downloads\Senas_Whare\Sena's Whare\bin\Zeus.exe"
3⤵
- Executes dropped EXE
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 2484
3⤵
- Program crash
PID:8

C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\RobloxPlayerBeta.exe
\??\C:\Program Files (x86)\Roblox\Versions\version-7b56ddc3755a46c6\RobloxPlayerBeta.exe
2⤵
- Executes dropped EXE
PID:6076

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 000000000009035A /startuptips
2⤵
- Drops desktop.ini file(s)
- Checks SCSI registry key(s)
PID:4980

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 000000000006037E /startuptips
2⤵
PID:3736

C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe
"C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe"
2⤵
- Executes dropped EXE
PID:5620

C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\QuickLaunchInstaller.exe
.\QuickLaunchInstaller.exe --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou="https://quicklaunchapp.com/unlimited-games/install-completed.php"
3⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Modifies system certificate store
PID:1140

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\x5zsu2an.cmdline"
4⤵
PID:4952

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1903.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1902.tmp"
5⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\qltmp_149274335\QuickLaunchInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\qltmp_149274335\QuickLaunchInstaller.exe" --nanouniqueid=1678656021132 --noff --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou=https://quicklaunchapp.com/unlimited-games/install-completed.php --deltams=5568
4⤵
- Executes dropped EXE
PID:6368

C:\Users\Admin\AppData\Local\Temp\7zS0E8A2C75\QuickLaunchInstaller.exe
.\QuickLaunchInstaller.exe --nanouniqueid=1678656021132 --noff --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou=https://quicklaunchapp.com/unlimited-games/install-completed.php --deltams=5568
5⤵
- Executes dropped EXE
PID:6888

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\e7jsp8ef.cmdline"
6⤵
PID:972

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7339.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7338.tmp"
7⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\adawareinstaller.exe
"C:\Users\Admin\AppData\Local\Temp\adawareinstaller.exe" --installerdata=C:\Users\Admin\AppData\Local\Temp\7zS0E8A2C75\Resources\master_preferences.txt
6⤵
- Executes dropped EXE
PID:5960

C:\Users\Admin\AppData\Local\Temp\CR_6EAAC.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\CR_6EAAC.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_6EAAC.tmp\CHROME.PACKED.7Z" --installerdata=C:\Users\Admin\AppData\Local\Temp\7zS0E8A2C75\Resources\master_preferences.txt
7⤵
- Executes dropped EXE
PID:1432

C:\Users\Admin\AppData\Local\Temp\CR_6EAAC.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\CR_6EAAC.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=quicklaunch browser" --annotation=ver=100.0.4896.75 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff61f68eb50,0x7ff61f68eb60,0x7ff61f68eb70
8⤵
- Executes dropped EXE
PID:1640

C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe
"C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe"
2⤵
- Executes dropped EXE
PID:7056

C:\Users\Admin\AppData\Local\Temp\7zS09B1C725\QuickLaunchInstaller.exe
.\QuickLaunchInstaller.exe --install --prod --offer_id=67 --campaignid=12683973252 --aff_id=1001 --url_id=297 --source=GSN --partner=QL210301 --search=5 --homepage=5 --theme=games --type=Minecraft --brand=QuickLaunch --browsername=QuickLaunch Browser --campaignid=12683973252 --subcampaignid=default --wcoffer=true --wcpartner=WC210525 --thankyou="https://quicklaunchapp.com/unlimited-games/install-completed.php"
3⤵
- Executes dropped EXE
PID:6632

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3556

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:996

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5912

C:\4e0da1fa4c84c61a03bb957ad73365\Setup.exe
C:\4e0da1fa4c84c61a03bb957ad73365\\Setup.exe /x86 /x64 /web
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:6004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:928

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3840

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5136

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6052

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5748

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5748 -s 1664
2⤵
- Program crash
PID:3488

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:5640

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:4108

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:2144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:3928

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3840

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:5208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5956

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2064 -s 1700
2⤵
- Program crash
PID:2636

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4828

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4828 -s 1664
2⤵
- Program crash
PID:4412

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x204
1⤵
PID:2272

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- NTFS ADS
PID:2644

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:976

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5352

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2352

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
PID:2688

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:6988

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
4dcb85eabda1e00acecbb79e167b39e5

SHA1
eb3e1e090bdb55f6b3c16fc8732a4ec06feb8565

SHA256
bbd68a289156ddc9ea525e2290693ce61dad679d14970fa12d6c09ccd1fee1ec

SHA512
667d3749d450fa7f967f6d1662f6e5114fa54207f149efc0074bf851175140c25d10f1f68b9f92fb0f358a5f6f7600e5bdd3ec5e9e90f070f9b762eff02a95b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\449ee23c-d4ec-4514-8945-8cce9f6db254.tmp
Filesize
5KB

MD5
5c7efbba14b6922c3879c0a1f8859278

SHA1
178cdd771326086cdc2ed374aecb99d967228def

SHA256
15697e9b0a2dfec61fc3ca20d04738b651cd3230ecde14d2664cb4f98f7f6b04

SHA512
765ad351a56ad49ad2ee796c0790020be3d5af8372d4b030dda2770d7d9dd5925c48791b57b9e2d755d5c6fe790530c1403941516978bba38e26a92b76c9843d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
47KB

MD5
bb8204b36608582165b50708380e71bb

SHA1
b718705e245d95f5efadc3b39741a9a4f696496b

SHA256
0c8b2b1c039503daf4c49f6917a8d1d4d7e14b5fdd407f6731c001ad05cfc291

SHA512
c16e185ab4bb6c05a6cf7018553c5216e2f99b79542eb48bf3b49bd48e29539a5e554dde1984d2f2abe1d7ab58f96eba160aaecaad6e9d1c5a97bd50cf9ce1b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
280KB

MD5
ce1b84f0d306f713b07eeee00da63a9a

SHA1
e846e656d653a4fdde1d654dd87e07c22956fc81

SHA256
f79494b0d2806088400b3a464cdec3dbbfff86d951fabb691c648af415e6983a

SHA512
fd1480033c305219f8f8eb552003fef5e0b150588a1f130185d9fe8c1f7cad210b64ae28fc63337c0d9545d7885ae4ca321622569826e55b93f30275127f1449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
63KB

MD5
8033fed1f312bbb913b8cf605b68a0b8

SHA1
bd19063c08b669a51b8a3b2c9601cdad9545d911

SHA256
9802c3206b624d67ebc8e6cc7ead579588fae49f9366453d5358c0903dd7589a

SHA512
629fbfce802cc13faceb5b1703142f072c6162137f32e02d514a4270589f6f74b23eb014790229c15dadbf4f7796da1ac8cc04eeea12eac203c3d10848e99984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
67KB

MD5
2d47f5c6b062393c64c101346ec1fb95

SHA1
4bc07218854fef99102f696c552c38da8b101566

SHA256
db720a7a6877fa92b25dceb805b71ceaa5ea1b439e1fbf3b4d4a99eb46b6a563

SHA512
fcb43168367a3da652665b21e34780b7f1ab59da73f6d462d5e2e3501c9fb00537af75b1c9737e25fc0ffcf23e37133ee5a32730009b9da8269ab340a7edf81e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030
Filesize
2.3MB

MD5
120bce5f51303d34ea3635074d5d3ebf

SHA1
1bd5dc87c2788ffe578aec388cd048930613a2da

SHA256
28e904fd216f1fa26962fa9ca0be1bf2bdb1043b72fad7fd56824aa383d4a465

SHA512
f9c300ed468bb9c202658a819902a90cf4c89e9e9d56b56ea7280f0d293b83bd8ce11e28a71d0878ba4b069c3578b2595089dab8d84387299ac977acbe27237b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
Filesize
94KB

MD5
9b6f6ec18ebd718538c6a029a454e65a

SHA1
65cdf127a5d2559388cd62ffc156d1df74123ce2

SHA256
c8fee58a216845e37617fef53792be31ca1629ceef7c6d816f320b78b17b39d5

SHA512
87a0fac245a71d6848d1ad4472bac771d6e52010b146ca817263e895e78f654bcdd0aec9ad2413dc3462f75a507e1175613d218da0b5fe2e2a75171aad305646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
Filesize
65KB

MD5
aa8e02a9c85c5f80837bec453632d463

SHA1
a7c3306c122450da69f1a81a6f7c7ba105912b39

SHA256
61895893e4879a06921f75d5d37d545930afb6130d16d61168aafab6c492c3da

SHA512
5f6b08ec46f544310f790f92160c72995436f90b1b30032afe8c4972888278eeec6e69b0ab68ca87789be013fe9ec7cf4b7b06daddd214bf28ee22697a0d5426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b
Filesize
1.6MB

MD5
cb35df486e62b396598edf241ada1f22

SHA1
71a5569db0f561679192a59d8f0383cdfe6b3251

SHA256
98e140ad30f7b66ccac1dc7e0caa5059153f7acf2e95624b33091b298ee659df

SHA512
8138f0988ba87c6779b11771bbcbfad4175af8568d3dee02c817b9f7f07b45a303b351516a8c73128e0c5ba486d4d55fd8624cba4064aa86180f0ac819cf59d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c
Filesize
22KB

MD5
a34c77847d7a957a99edaf10a7deaccd

SHA1
1619cedec658842283a7a474adba2efdcb0d3598

SHA256
ebee5d0011bcd484c4e7067822a1bcac208a0d03a33fced5c6a222666df67350

SHA512
afe20d031816081eba10587141518fbce91ed5f3b44fa002a593f784603d4b2007c89713cd6d9ef3eee3ecb8b53a57ecd078826ba0fcc5d02f2b7de814dd1b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063
Filesize
46KB

MD5
54ff2ed724f6055fd2f95b8b0c52a5f7

SHA1
8be29c50a6f491014ad920729261f87cc78ece2e

SHA256
d91288fee44f1a4761b5d15873abebb586f266dd8e6ff32dcadfdc12b58425ef

SHA512
a49ee4ad79ebdd57169db9661c504cdd6254d9cf6b3e193b2db8d1a0bf5dce71a67ca67e1c2bc5d0a9a036c00b38e7fd3dcafc633ebc44032f4d6d8c60d1ed28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b0
Filesize
107KB

MD5
12daede73dbe5160df585b647d8becbf

SHA1
a9e0cfbd153cee8d9a0690871ad9cbaadc3367a0

SHA256
3dbce01674c2185b1a63bac0a9d0bb20fe68ecaf864fe19a76bb4c130c59f1ea

SHA512
109a7e9b427492f379e379f2cfa45fccf61afa879a02d481ad8f6cf374eefba1abce5009f6710a138938a85135d8afbbfd94905bce3ec78551f2ed409d1abb1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b2
Filesize
160KB

MD5
67145d1dd8c7201ad506c8734df41708

SHA1
9f10d87858deb8ee394d47a6268494905ee9f0c0

SHA256
e0ebeeb232953726660519b937e1cadaf1cb2461e8c044044ff2e9a481f085a0

SHA512
cbf26927e90100331eb8cb94bbf4da6ab431e7dc4919ca6068e672cb07b2d938351d502770433707e98bbc506297fa221dced4fbaf3af92d281da7d18f80c95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d2
Filesize
48KB

MD5
ec5d553ed1c592ef6c64daaa94194358

SHA1
647f0de2ba6b511ceab755fbfb84a0cdf5d0ac6e

SHA256
47825a900e347c3ebe2ed17dba529d293ca8a3016faaad7ac8b3850df2fcf9f0

SHA512
2bd6127cb4ac72949bd136cd47b9646533e9bf224846a5cf7f3390d22b2d4c16873d12d6079e333e62a74c5e163842547cea631e12e7dd610cbfb39c908f999c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
8KB

MD5
455aa6ffbc4148e9f42bd4a4b9c69138

SHA1
1404e5aa1f4c2024c8b133b2696985c6f884c228

SHA256
e4a4f1ac93dc4aa7f99588a289cea3316f1ef08fcd20bad42be6d0ce7434c276

SHA512
707efc353af4d6007ee26830d6c100077e6fce8ae325c481be2d8bde4e7cd39ad06ea0ccda474bd6131146d77b8f15adc808adeb9fcc3bd86bafd9715e312c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
36be5851882ec4f15cccdc1d3e0f9497

SHA1
3c3306a0e893417fdf941512bb72e8c28a3a6116

SHA256
4073a7d240deb6739e0919f59d6ea45ef4581428e0842edfd5e9064b0e64e4d3

SHA512
411a867ebecd9c678865d020be4d352bd6357a8bf2f11b22b59df424e207a4677eb3f33150b3eed7a02142e1ce019ed844db049e70037cffad883ddfe5ab20f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
5348d2b05139fb334d80d5074d015ce5

SHA1
a8062cb42459597c8d825208deb45bc659db009f

SHA256
83809f22feda5caa35ae098ae38e0bb7ac1f4e1c51670822e5559bd8dc994c85

SHA512
3aaf4f05671ca3f4f3127a381e2a70f37cb059b8496a6d786a74e396db160f1e1b0470448f7ccfec2eef4c840920d4547a9f1fea0ea5741ae1b39023c3cbbcdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
ab05ddf16b09c0f246dd2b23d8270b2d

SHA1
de8f0caf9c95e077d198719e31c81a2f39879f77

SHA256
28122387ed89bdcebdc2dfc996d3dd993ba4f8c4cde71da203e7aad3ad76bcfc

SHA512
a13363f32354a7fd4824890ce390c92741f5b86ccd6cfcb4f360bb7a5b15e6f25024aa83c0745d68ae461af4d8ac9eb6df58b8637901bbb7abb2bf59e0195f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
ce76d8e2e65afc589e3544f5d4a3583d

SHA1
81e9ed23e4f7bf6ebb087f8a597f53d83dbb1e18

SHA256
43f2584aba27c0b52a1e155edc8687644bd87ab43572037b8a10241afba82117

SHA512
45450f738d69834957d62829123939ec9fc78a10099747cd40efabdb702d67a8df5018739c8e8fbe177c137d449dc368eede0c3d0ef136087c768ffead5deae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
51f73568474c5fd77f70414d43868eb9

SHA1
dd5c4fd35874dd5853701c07456bde39baab735e

SHA256
5da196503ca6685372dacabfab5a6cb27d684efd74e16acbc1b2b9a182f139ff

SHA512
90f7b6e9a8c9f44e069559121c095bfa7a6a74f7714227f7bb116a4a6e11dd602d126dce1c958d6e7012c49f8560a96494d75b1db0ced3d5467cb1b279cb4e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_googleads.g.doubleclick.net_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
19KB

MD5
f4ade2dd75e13bb99fd1ef9f3c17a508

SHA1
1cead2d51e7bd9c1b18fe088e35028bb9b91b251

SHA256
ca292597f3d138b947b6232d1093bb706d93cb6cca7b3ae168adfd8f1211fc11

SHA512
9467df765796b2dd9035066148bdbea8dbbfb0da823953860a6033f699b832fc1e6dd9d8c0292d992bb8f23881aa6a700f938dce71e694f6e90e7e5318e15fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
20KB

MD5
5552ba1ece59904247ace90fe78db9d6

SHA1
81553f5bfa78f1741222ee3bb792d9cfb47c2705

SHA256
b1dbbfe5a38935178115fb83c97b4221d248d1bcc3807c2c402352d2d1898a75

SHA512
1eea96f80cc38be39c7bf7a8021df19d30aba35070ddfed9fbe4402180eec527cc4bfef7238d4f9fe845844a9dbd861787a18e6247751f8acd67f8b3089ccdf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
c4e85b596d0a0bfe3f184b2544021aa1

SHA1
b3daf6acf8cedd1b84fe421470fcbf3cb5064f17

SHA256
30ac8763eb98dbecf39785a84137c08280ce9b608965ed9da33b685c8dcabe6b

SHA512
391c05b5563aad56d030a942acc61ccfda6cb4d2f580715d64fe048a909106011591a1037266ff24735081d95c1bf10db5eea04fb1676b2a0964d313d0551996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
8fca6dba7a44309527cf58ee9e46158f

SHA1
2688b4611633da0cfb26f3f97a0873c87b570768

SHA256
fb9862dc60ce62c3c2aee40128ea9d31f8bb2cc65f0bcf82d1217eed4a1bab64

SHA512
002e03010312f30a5bca14cfd3ed0cc6ebbcda4601b4c0dffbe2190937de232d07a87f8631d7b10c92fda5d827f07201c95e81eee203d89c4040fecad99f9149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
16KB

MD5
aea145c994c6600ae2f934bf99dc1d83

SHA1
2616d2e42727389095ad77da329d6ccabba45c02

SHA256
82a79cd9eb745df2da72eb21ae79d8a2953424bef47bcd0e4627f42268761cca

SHA512
6d3cf6f9d86b4978375111d7962df9df335498c5e34f5c65f3603365ec111728039b975540d68c2f86fd0994228e425d5406f63ae4996a3f69999b16783b8df5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
fac5e9b163950d76ea2430edf8ee8d25

SHA1
bc4dc678f4fe26299c8247b34ffce66a87863ad8

SHA256
a676c319bc2b44140e0d647c22ff01cda6cb0766e4866331a4ef51ae530be63c

SHA512
b2e32e2525bd45bcab259e62e1e9368065505cabca2a6209c96eafa78b25fc0e968c6a9f7a9d1533a0e958a74aca181e80b79cb677a7642d12b538208e29da13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
b86413b8e48d41a0c19bba0d891636e5

SHA1
3e888f702d0d124030b9b0fd667af55377cf8bf7

SHA256
bf418a81745a051dba4f14e92a6fbca7d631a341341ddf16834c32d67344bfac

SHA512
50bfc2cf612196715349f0006019c7e9662a3b127f0f57bc402da991bb1c43c810263a371dd499baa52da43ae65dae94e361a947f1333628a524fdae2613eb8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
22005b740b46b0f6820fa9620e42ac9e

SHA1
dd4dea214e259a94012b2bfbed837941312636c7

SHA256
2a0437bc0512cd868bd27d6fc615d69d034282a8ea7f8d9eef56375a8f5a1568

SHA512
b4720ffddece1daeac5bf537a2e656b626a84253108ad95549b1547377cbb568a8791605f9f04f0e3fd4e43e05528e781c5ffabdd808b36fe87a4e76824b019a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
7720ad19f59259bdb31d9b2dfb0869f1

SHA1
a383c7e2dafb9d9b06bfc1cef37776cb98ebf3ef

SHA256
b1a40716cbffa81885fc0fadeb0643ae9c14e44b88500ff7edbe7f6f01fec866

SHA512
633ccc59ac7a2d0bc4665aad5695db5f4e56b61b49aeb59d3af33aab4d1980cb2d2d15b31157126f7ead0367bac8a6b406bb77f5c24bcb6cea9831592b66d560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
9177ebf2a2357f1c05014e5b1e91ac11

SHA1
84245037a3c35799ae11c8955c5d59eda25e8c77

SHA256
5ef9d8af115e6538b890c8a4c2a6ec9ecabd6a979663b44e5221809ba3c91328

SHA512
1d6e9571c9714f72037a0fb14a153dda711bc27dc2eec4f93bdd209e8a50ac945d462adb6474b6c8fd2439d9c1ec223cfa164c5ac01db6b3688fa2d66440c1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
fb76a85dd6baef0ec6821aef966430da

SHA1
8e60467362e122828205f324ed7d89fb2fc4343d

SHA256
178cbf18a744527d58c0f83bcbe3dc918bdd47822c734fb83f69f796b522db36

SHA512
7580d2e93b70832333a678b747c29423660c41418efd5a76058f360a396d840c9c8840e27cc51898fa9701f92027b84f6e55edd210cec786bf521a0216e873e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
9a424f5841ce25f2daf67d1a3539a9d3

SHA1
c290765694cf7cfede77b1bbfa1cfd1d6de024ef

SHA256
5593fe46ad2347e269d9b79649e366ca6b76fc08bf94748f8382d87f6faf94de

SHA512
e41a81000fbef5ad59bd1ea012e2e631ade4e29113aac927ca8474cfa42d2661db2f4ca520bc6261a1e284b03b1257f46f380ce2983f51285aa211bb4c1f028a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
e7e63fc80a6d581059b06b69409ae71a

SHA1
7e148dad4c9ec423b48578b7d1bfd002680d798e

SHA256
65a25d699b7659ef195522fea7bed4477a7c3f41c94391cea7fceaee393dca1a

SHA512
c27bb6cfe4398c732c99455b8a59bc2482babfcce9f7177b0b17f9f84b069424266ac1d85820967eb7440398b4c21d31785cc52f3d3b33352fdf61443bdb6ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
19e97c8bf97cd3647a5e148c0a47c425

SHA1
af7173ca27f983c7e4dd34aa6861e61ce4e69ce2

SHA256
dd434f40fdd0013543ae4b00f0e7885a831d9110edd839b5d25f5e8d5fcb227c

SHA512
7858bf5551afb05c8c397c4f0ed14dca257071230e10936e84b79f9cba171bb20760739b30a8fb6c0fe4dd6ec830086db8a4dbbc92aace196188cbf6b6f2a7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
285998b8e635fde0614454e2a551da86

SHA1
a8625a5797560ce086b7293739f587abfc7d7571

SHA256
5f48d1bc48620e92b74f6f993a0733ae55747ccb378e9c438993f4328008373d

SHA512
82a1361f8c20e1d686c6545768678e156ed83e5edd033e3c10ef4dba2a63538b3911adb04c012e5b9c9f0ea17e63b09d277ebdac1adcc974be499adb489cc36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
63ae8fa2ec9dde6bccb4efbdea911fcb

SHA1
30fab5e1538b260a8244795bf7a9ecfd85da2067

SHA256
63b283cd901f44bca641ba840054876fe2dd392f504fc5c387e407e820c3ccd4

SHA512
e4d9bcf99dfc9ea396dc93a4dbb363dfc3f9307ceb759c302f36997772e578c56eb99b71e6e2dcde564b90c292ce3c0882141199c6b90efc8f3e34e91a1754c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
bbcaaaf493200da386b13e23b3926a13

SHA1
0e797b817911362547321a1e7dc8e3f2be949e0b

SHA256
a172b06761bba6b8119664c8ea56569c9410a5d1c55f65997a0bb23e66ab6c98

SHA512
602249e1e4d9da50681c613a54d18d830f3b1f781e60c8c0f7286f32964f0cb157e18bfe742582923d88f9ea2da7a101d24b79ed69514f7d52fc2424c8277d4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b849c60fb0ce8f92f7704f818ef8ac4f

SHA1
b9f9c29a31b2801cef3f8929a671f1ec5c6c2f3d

SHA256
cb85c3ce956f82796af275d3f8b62dc1224b44a950e949467789adfc483c2c20

SHA512
369af9f64c6549c107a1e9d9c0db82d168cd2639514f0b8387c9411942e0ee0c6e8dee028dca777700a2a37ac67e49c6ff1db580d2e30cd4fa6608100bdcbe64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
53cd72022e21b09721d5fbfbd6db15fe

SHA1
54f0cd9f0932d98df84fb54bbd88a3b29387e18f

SHA256
92a70e53fbbcdb1377c32effa18100a28d550d25b70e36ee1c2bc71d47e3ff21

SHA512
e033df3a7ab9d85ec0b76f584a4d5d9a5e378ce7a6b60f3ac787d92c84c473a7b6c12eace57644825e8df3a39036436a5f4a3eb7deae81fee85e31df49e633c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
ce16c07d28e820bc3d113b3c9b704739

SHA1
5b0bbe2983e567cebd340c2056975a0c11839765

SHA256
5c05e27864d6e16359f3f1d92f30773d7d46d13b9be572928e981fbd081a7cca

SHA512
44931dec988699a6b306199db9899a7c1c9119fc0eebca9c083048800c1b3f30be3bddb19f8d412b29637abf752d5f12cd28701b8cacc73a2a3445472ec82d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
eb07140878dfb7b47b6f3f446081f986

SHA1
484cc7964a54123b17d425722d4658fb38ca2cde

SHA256
e6c2df3a1ec51d63718349ed65c6f38c629fbf2c2f3fe8c97507f29e7e3e5fac

SHA512
4562c561e5604df7b779cf1230013c1c30faeed4906cc9a2409f6d4c922a6295b7a277293d28b3108b63bc22e02b24991c935147f36e76453cce6903536f2688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
4cd9b42596a17553c218dcdad8ab0b11

SHA1
c6cc96fca33fda44871bbf862583cc8d5a50f509

SHA256
891c6c5500ca782a56cec0695cc52c1cb2b815c5a3299e1683dc6029bb4b3ae7

SHA512
ed5905689ae5da0f23baa58f858363d4cce1962089567c83b4e24a82c758764f5ef06aaa7d66d4a70cc315d7bf9c09c76e62583b1cd1c9c9794ef8fc2cf2352d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
41a3fd5bc20057a3b73bf6fdac47575b

SHA1
2834d18384ac9d193981ceedfce74032e73a6e93

SHA256
3b2dda5820cd1d367f31cfc35d1b9b685de228beb0dfd1f94066ddd8574339a1

SHA512
4c3777fd68d88bc61a20e56f49f303861c4a6631b572ee73ed91f562065a6e6311b3bf3cdac48d9ce71f207b76e7b05e68cc72a2ea8940415d3a4a63b42b1427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
3296cc00503deb48b78aea0f9e3b286e

SHA1
a45c998758a4aad8ddb258d4645a8c5447241931

SHA256
0e5c639c6cfdc28509eedea9abd041d158e56ccd7aaf3bfdd456960c94657d92

SHA512
1fca723312e64e841b2bfcd866065bc1f738a3c56f9d4c2aeca4997c46851085ba9235a9a3b2f14a63f2a86222062d681fbcc22fc07f833c688aa8ce2e4ad702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
1c61cae72a32a22611a24c70f7c5a471

SHA1
89c49520eaac440c294a2ddfde48af62894c13c6

SHA256
2c7ddf20e987a767d844f53f953009f51634bfc151a5a527ef4385b580e02d64

SHA512
bbbc8f1e26e194d322c30d12530f742d37ea43559b071e6200f70a246e144f87af3702ca9bbc443b66e2ec7608443f4d2ca2d215d871369aa7bb3b91250e102c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
066d0c4ba80031088964a09d0c30f7c2

SHA1
6b97a0f431c28ededdc1484367a91a51ca3ca3ff

SHA256
aa00757d78937cf81eba90cef523a5f462c114912d04168bb5431506f91ef1c3

SHA512
f9c7aa8b771803dbdcbb4611c1522aeed5c386219007cdcaceb4f83722334badd114bedb29f80121e9b903abf8c4a621d33f249a02cfb30e8c13fa9f2035b128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
e7150dd53898123b8b2d57117e55ca50

SHA1
bebbd7e8ca61b4b5468f0454e741626611e63efa

SHA256
4662dda9d4f5564775f2b5d569d22badf0e79b824791036fa3219fe34fa8b584

SHA512
bdf908976fcc41a32c4eb0d436b9632054304d04a33e3d62859f2560cb97899552cd47ee7068c269f726bfc8fb495fcfe87f810fc58a28fad5e0147107489fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
be7797cbef41b43baae078c0820c8157

SHA1
f10b419c66ff268656476fdd4e6051bd512e76f9

SHA256
13fd701494e0989369f04847ee0d9e979d595b07400035528b8670aca19a148b

SHA512
24e7ed0cb38c7257d150648eefd6fc9ecf89d40d4917cb53ef5362f094368055fba6c9241a9cf57c11d963ff49a462e4101e62502089644ff7ca7f43b828d8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
50b330a7afebefddf44692a9432a4c66

SHA1
d5664e3b73f66c99422c879899cbbbf21d27b0ea

SHA256
10aca41a03a180a290c1de374bddcc5c90da52af19b41ed1bc01d0b0e1e90bc6

SHA512
752e812509daf9709da55747ff0418a520420e90166898dfbde54b9bf45e2838f0b9c76cd9a4a8a96b8401e01a034e367dbfa2d2c3841d44d0758da14e494b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
769050dad1c1c8a910d9a3b66013d0ee

SHA1
6019b21ef72c48018eae3e11b845e58b153a197d

SHA256
8bfd99e5208159c7e3a46f1812a812f4fb5945c148574363ed6837107bdb08d3

SHA512
b1f3a4d220c5b4d9aa3b4a7372c5517ba29c3c5bd67a95798c33857354621367151c9ddc547ae49cb73fe19b6cc4069be4d174bc95abe52f1d2530450858a79f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
4d4d1d64f32c9d01db28638122d035c8

SHA1
e931efce8bbc1a23b902d4c272b770a1ff60bae2

SHA256
f596e8f2e820f09228666f932f519637a507fb77d07925574f7059c6f977e4cd

SHA512
871e63d621711355f8e428f035b4b9ac1a4fa77e3a8d8447df54d32ab77a28b72be3328373b4f9f63dc2f536ba9b45d82468fb71e3cb9e4c1fcf71a521724452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
db6122f9fba686442c4b8925272c45ca

SHA1
18327037b9079e9675ea90bbebd2c3615bdf0921

SHA256
f9e954969f5a89f11a49c948a7039540f9b616ae6c21843ef0edb99cc9f25b6f

SHA512
b4c85e004414b5e749d05f6144bed9d8f53ce17cb36d74aa1a266b440d93d6e6da23313881ab47efa35184bd69b1a3f41148e89284ea8334f7882f7049bdc555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
90c1a5b89c8a5104697f929d7b6a2ae4

SHA1
f9659c3573fe0638d1d4427cbff5a6fcabb62500

SHA256
ffd26ee4072a7fbfdc278d0c3d47b0aafc6f7cbfdd34150407e08a0e7b894f47

SHA512
53d3ad73f4972fce2d0d3ceff20fd8dc76f6805f4fcce3b40029a74cfce8afd35acb11840da77c7eb7f7dfe24f799e871fa6c3a7e6941938e0f54c97787e713b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
ee6fca6dfc1d5d53a03077d802c0397c

SHA1
90d8b8cef65dc666cfc1e9affd0ac88b83f9e592

SHA256
d40b35e464a5d70fbebb5bdb69faec82d252bec3da567cde6c78961fa9824e96

SHA512
e6381d5e442e034230e8b4037e1f40c7ae92a5091a51a3c965da973ee34ee50b01b3cd1de6f916c2f16d65d345121c91d160d96452c0bc1d76b263c02093e057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
2813cbd203d9cb13222be9e10869d122

SHA1
3cbd679a5b2eed8922eac0554beccf7a2b192fa2

SHA256
0210529073920208dbb47640422e4d1a5c81588787074972d5ae963144b09c0b

SHA512
081f1dc96fe2a0eaca16dd6f6c2128afad78b5775817b77dfefea73742c5efaae0fa28b959e43bca248ce26e0665d64e0a8c53d2ae40fa1ae135b06c264d55ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
8b9a2ef040b0d54a0ca95b0d40d61cda

SHA1
f3f2bf62a1bd83bfecfff6041122efdb7ef70297

SHA256
76bede64ff8524343d9371b6b46035abd8f308ff779d8eb6659e32bf09037648

SHA512
a79108aa345ef5eacc9361698ba6777305b83114d7c1d11a864dce488369031ea3c77810ab7ca94dd8bc625b22c4f2d2f8e572396f129690480ac0e9eaa44405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
717fee9f305c96d6b8f608af0d656cae

SHA1
9560ece503ebe498acb78258d8d4188845487de4

SHA256
bea3cdb40a497fca6f8158510b2602ef7f70cb5d0d676d6c189392bcce4c7340

SHA512
29b588809c5db14643176d769ec4329121cfd4c3b5d19958824111a7e7ea58c9351351662fbd5c71633ada3febdd55abc7e914d3837c3f0bc58ab320e11fb1c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
75f1e5f731a45a90cb0624a7b14ee608

SHA1
050c1b159c0d2862f1269c7e6a00bdc7a8be47ee

SHA256
6f62ae37c388eb1d6b59c3564bfe84ab4cfaddd504a3214dd51db467984fb2bc

SHA512
22b50e0a59f4c6381dd05c308c4a69f30f4b19b7e3e6b4194114a043a5d3edb2c62fdf80f7347804ca8fedec83a9432a410f1fbcc2a9cde21be2a40663aff5cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
ed8981a496c40200a8bca0575d776053

SHA1
3d09c961dac419c6f31a231cd1bfa81055c36811

SHA256
12ab8ec3ba5ca86652729868d3bf6948e2f5ba9de4028cf55b97caf4338d32fe

SHA512
5bfdb72f056955a2d9790e42b0b30590773f9bcb4f07236b5b3e876ff4d3307c0e3668022c96437ba4eb4291fef8c59134cc87aaf23d8014746d169ab7ec1153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
a5ec5b5b4da165dca5fa06dd679f47e3

SHA1
4b1d6b7af190e725dbc85509111be8c195082afa

SHA256
c855dd1e14c6b8910446645069ee2f9a27a3548ebfd8a5ad5c4bba4d73977576

SHA512
328180b47896c24fea4858f21c4ab8995f6b1613844d3240d19d9f8a7c6a01550366a22b546392184a886617c69d044364bbddd844b5209c2a6ef726bd6b4db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
43fdf1a8e7c25663d19f504676969440

SHA1
6d151186d2d3f5b3d326d00c49e91fa3d21fbb9b

SHA256
5bed99d6f85b97c171f81cd1090f5a3460ad5f51f9c9d41a3ed8353b32aedaf7

SHA512
d134a63b37c8b6b83b00a8d3d827e82772783a80486a6f53d82a169272a4a1af998aab5c506738813989405a31a92e85944ecec82d0f73af3ef412b6911a2632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
fb287031b0882d6ec59e3e62a7940510

SHA1
50f5e71205f8e8a10b53cd27997101ce9765325c

SHA256
590bf667d17e4fe21aa3f0c0acc95fac1093d4ae09bd46a131f9b6cdbcd3197f

SHA512
7f9434416fc163ed7857c92115c842fa1dcfeaac6e2d47f295fab673517afefee5150e744a13e22cc0b21e36fcddf7e1c79a4148eadc5d537d1e398546c5113b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e310ccddb7e78dc8f9ddf492744217cc

SHA1
079554e6f39bab4ca297073db6365eabb3fd3f61

SHA256
005cc52616bb4667ba2976a7f17a23b9b3f8e4cdcb946c4ee0cb33696cd90768

SHA512
dd930cfda4998d830d23ec2e3e38a56494e76c6008b80655e3905ee87c7a60d5394c99d23027b1c7ed3d46d69713ce3ee38c4574b5aab21a693c98e4b22ab147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f57618f352decf73669f494d9a31d4d8

SHA1
715199a25cb440f395cc0bfa3ac9da9424c929ba

SHA256
f13f9c09f3ee6f7fc66a8e92658d6d1699d1003e49d47ad0315a61bfe7c62014

SHA512
8377eaf0721053e030c3638ebcc3d681c531bdb0f8aa784df640c072580b415188354efaf9e89f04be6b257e669118db6a186ad34487cbabd792722bdb7e9bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f07fe936f97075c4dd6b31df83cf776f

SHA1
ed878445cf18013fe91b1ff818bad03d1877e1dd

SHA256
f30b03ceb3864d1c8a9da62c6810406c6e88fd25ede38c7c4edd321c36e05f95

SHA512
b2cc46b2ee4a9bbce7ca5662591727d653fcc8f24d0a4f98172807383f8241fe754bd762f0fc395b4a12c8b1029b1ed2861b663ac30b388ca1ef9fa7cf9ba183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d215b08fb9bff51dc9b9217f49400c31

SHA1
faaf3236f54e7d5cc42030d6bae4dcb29d9c6b1e

SHA256
3b87ec52d8dbfb5d55d2f9e58143ff07fd08d6697abde1c35517cece95b1c03b

SHA512
fc5d3b31620b0c7efe6319bc283845fd01cd02d473cc63343fefad976268278bbb8c0f9f276a4a67c297d581361a9257c9adc437eae6ababbb0ecfee3782a06d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a0a158ceb48e3e625f200c8df6cf966d

SHA1
e5a5006e93a21a8e7f39acad16bd72fe0bac7f33

SHA256
8eb75ae9a31fc4dcf7ad38fd4e122c5162edcad276abc0e61b439ae1661ff2a3

SHA512
9fbe1b207e471fb984063caf845a29150ae468f6e5fb5b5414ae0fd2a72364349a1afd9cf1e679f792981efe7a307a760d35f32ddd77e886a8ae87e9f6ddae55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
0a2c3f507755b0c821b073645324e89e

SHA1
769e9c74dd0576470762ee8761567ad7250bdbf8

SHA256
9762129b879e885584eb4bc1e06f3397011be00344e04214a0ab64f19d75def6

SHA512
906cfb60b883712e85f37fef5a92dbf0cb026eb5f4aa135a1bcd6b8131799b9bbe8540ca15148e7fba227a148cbf89150b188b6634bbc92cb310f1bb4a4120fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
8b9337edd5c5c035d571dd46efccadb7

SHA1
8dde5dc91b4b0b5a95786c5d8b1c260a14ce5d36

SHA256
86ae2cb70609633de2cfe39cbaea5a82ed7a18e1bf015408a55bac0e7b9882dd

SHA512
7c89b3eaacca3b5f976dc05af1cf14d002c2530a46f106d7aa28b1c78a5436b66018d60e7073b0bd205436a34efc68d050323bf99974436ed8ac08f5363379ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
8191a452919b24f72f5f6a468d198f91

SHA1
5a2f312c57addce9ac672f1253b8b2400de1d3a7

SHA256
ed9bd3fb71f57317da2800e69c006f99a1266c0db86c087b4108b6a6df170ad8

SHA512
b44af348c6a7a125fb1e6926e9d0954ea4ed2c39d50626350a7c260eaca9ee5fa4649e91ad5e59eaaa904b11753902a0bb0d6be33240278e1096ed788028e59a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e7884c2d4b3905e6a52ca6ec343cd627

SHA1
ba6a439c940f24472b557f73116a18f27255b4b4

SHA256
a69df8c8492c63cddcf76f8dbb9f07b3b3e8cc1299f5f2a57a72356a34851ecf

SHA512
32cc275a79014fc9b5cfec82e37c893ac3994ed7c02deda4d945b4898d5b56ff83d48b4e3d2e8258f4bd8714de2be5dcf546cdcb050cddf6c4d308ebd6bec375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
be677d187b8c4249655b858ceb76af54

SHA1
d175d0bef1e628d962933f91c4a6a857e1193b75

SHA256
eb5538b22c5216593b33485ed92e2665322921e0aa1fcfd88e5caa31071cfd10

SHA512
32aeb1730ca3abdfb605be13823b799450a8dc523597b827ddd75f411b15febb8472e0aba7bf9471ac9b3abcebfe7f0bef7edff71266ad2a65de0ef0bbc09a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e14f026da0704495a95a5c3361cd2980

SHA1
d734404c427f46a22620526c4b5ef4e8f242808e

SHA256
01bfc3ad33c87fea02a4ed2cd8f2b0f9fac9d282e1084422bbba93a8a74e1e48

SHA512
d66b907b7b85f81531ff43252deed851715f15479412023fe5339626b4962db678399d1650e274a810843daa0c1115706fdf13af82e481f1ad536f93f4852867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6733e17acd89868b41db0c6c232548be

SHA1
1d0b54314388dc1f647f429c7d2c610f0e11df0a

SHA256
3e2238c3a868aa43eae073c7bb166c6e6d2969342b90c5c50026ec2c6cf209d0

SHA512
dcd6dd14c49a4354c67dfe45c03529f7eeb02d570c5b7ac54548785f0c513f3af2deb6c32b01abfc64741f2843f3a53f950c273914f4185706cf0f13d4b8254a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f5d25700850772ee82119dea84a8874e

SHA1
c91642da3402e5a47e4ed2d120c9a5beac0c2f1e

SHA256
49ce5af5a5d1bfc85d3ce762f57d60e99e08ad2aaad335217050791f5c7dac2a

SHA512
3693c4f5f442e7fff8e9e0765c2d858128a766b5a945f75380ab366e72e34c3853c0843c713447bfa40be8cf0857b0a0dea9bff64c1517196005a386e6037818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
a2e2ca3528cab277d5930cd1411a2c15

SHA1
dab912d8ae62dfa4ba401d65c20234dc3d282e19

SHA256
061f503a4e5683eaf41afb493bcda4d7cfbb065d5580c57fb15f5e09eff574cb

SHA512
07dacea90da0c8324430e6f226ce69e89e3a0d8d7a8acced2fbe4b3a3d3c2bf049ebf4b27f7e3fc8d7c6d02df4d417bd9d203b3133298930bd8d8d5835da86e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
efe98d01614f27cb5910f9c1f4982ebb

SHA1
dcb4678be08866c249c3b65acd9e3ea66cf855d2

SHA256
0a0874f9bfe0688953c0a5e9188e7c1053d54af9283a251bbce9938567cc4bf5

SHA512
4c00a6534e23b04fa33e9dc88b52a7a98b334792f57036bf09c153b76d00dce66b38636eba5257bf4e23fa6246cb2d1af15ecbb3b6cabe2ea04bc52be1ffb9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
6f2eb7820726de74de14c939412565eb

SHA1
40fc3ac4011fcc886f9b30e03dae65adc6ca4da9

SHA256
a6247d4d3cf41c62534beb15120a85c0781f346439d088015a4446e686b9c819

SHA512
aec3920f7ca128ff75dd331966069314d4871405347c541a5ce8b68f0862ed5a4237b99e81f94004cdf01d30daa96a086a86319c5de9f100bf70f6322cef1801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
3aaa2b57ec32249fe41c6d588f39ea7b

SHA1
71579594aeb937806d4f4d8e6bb8f0cee91a007f

SHA256
f23ae55691d513964142585dead18931d1cb672ef0870c61e7a24be8aac45234

SHA512
0b2d40744fee09b6094968f46e5985ef245ab0d5cda5258f39de18529224dd9fdff30d63f3455a6eef23a831e2bdb8d77657be3eba4ff20613c374889c86b7f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\754b3e20-f867-4e52-8841-91cd7b7e7f53\1b09fc554e51876f_0
Filesize
401KB

MD5
f7d9e237abf688f03f3beb5fea2dacc5

SHA1
a9f03eb69de80b63ff97b3d8de9878be2b1eb6fa

SHA256
c286d26fc25f659bf83a2f0647768e939e2a4efcb89416847741e8b17848699b

SHA512
e74baeb6469e05228c3533facfff55985fafe6496eb805893576541670aa7f6e92ec7f7b941f3d4639ab1920063de22ce8c2a6281e90a01ce7ffa6a172616f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\754b3e20-f867-4e52-8841-91cd7b7e7f53\aff12cf500ef7bf7_0
Filesize
116KB

MD5
90c31dfa25b7bedae969be83b45ddf1f

SHA1
2c714d1f119377621aa716cb23fbfd56041677e4

SHA256
f24fc5e566ac12f02128318cc9a27a1814465ca21ee4ea46ea8a18e723749382

SHA512
a2c7d4e7c0963e384165daf727f0fa3a249ad62ce838d5b8ae8f0896470eed1e91b7973700265cbbfc18d0f16e3355c58e8a0dc51a7ff11c59b35cbe28fb6165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\754b3e20-f867-4e52-8841-91cd7b7e7f53\aff12cf500ef7bf7_1
Filesize
261KB

MD5
32a72871b4541b23cd2d66f5a97fedcf

SHA1
1d87a96461eefc1a6922ecc199a6b594b2251465

SHA256
38b82bc72c753b0eb12d7c736167278097afc2c87fa7ad186be4cf085de3cb84

SHA512
3ee76c5a7533510a6739b6e618d3ce0e3602d882e627bee84ef98cfcf6c5622ec1c6f6d660044f0b399f4cd541d66928ddb36b972bdb7f39a9511b5c11e4a359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\754b3e20-f867-4e52-8841-91cd7b7e7f53\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\754b3e20-f867-4e52-8841-91cd7b7e7f53\index-dir\the-real-index
Filesize
624B

MD5
e5e541d76b4fcc4711c20093201e6eca

SHA1
2cab027fc6e8ac961d0f6b710504f97593312d6a

SHA256
05a5bdc0826495abf6f4c5f320cd606e29034aefbcdd638ad554cde8e8a86173

SHA512
b6cdaf2e22f30cb8acee5aa91ecfd86c08449513e4d0fbd6798e3a32e300135395f0fc46a3843891c5aee75230718a11235377a8ed10e79a3ace98737912d22d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\754b3e20-f867-4e52-8841-91cd7b7e7f53\index-dir\the-real-index~RFe5cdd09.TMP
Filesize
48B

MD5
04b36d49848b623107c0f2cb11616278

SHA1
833f903b059a2e8c912391b10b527b6be038c0cc

SHA256
af5e6439e48975e37e230573cfa54e528a0a1b39d3da2d888462ea3d7d7d6102

SHA512
f7fda719559454cd61f281decdd4932371c2964812ff12902297a279181116bbbfcd180bba9c4125b73d181ccdbcf778770591d6d68d9eef0da4ae6fb9bd27f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
189B

MD5
5f59001a1cc6c669fc1e8854adebc19a

SHA1
7b88df62f9110fc0446902c3c42fef2b7527e8a1

SHA256
429e771b8cd228c47f729c34513b7f9c4c1f5d3b2456e5739c2b406d76c9ef9b

SHA512
534e7a0f8f3a4d82e20d5d51e3c47a9688807831df345acfe760aa3e3c1a5eec54295ee5734b525f1c47cd82e6d09d974de829256f652b27f262a3ed693567e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
189B

MD5
1509f5b3fd2673ad46d235020cf72e33

SHA1
2e9b1151558d8b1cd8130c0b8cff28522dd91c8c

SHA256
0fe4727c0336a89e28f01a2805a7d8b06973e9e2b439e503d4320d49819a2752

SHA512
554ba56da99552b979960507a57d0278a8f13fc8085d0a00418a66374595a33a75c9d08bbde7a8e40704f60beac159780baefe73190f9b9a82b2215c2548b0dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
b6f48def1ad0dc727f479ce8ffec8a6b

SHA1
488a3d7c23f20d7c90d9cd3010d31836d67b4028

SHA256
88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec

SHA512
ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
129B

MD5
48e0f549e98d97a6411d96cae0f93aea

SHA1
d53411a7e1663e0a5370351a05a7b1e902107d59

SHA256
d95b83f77d0379a17ed5f0392ad7e5e7384b9db0160b2c26aca95ddac617e668

SHA512
16dcafa69dce75dec8c57cc4b5fed43ad084c7f47a70634c7806a6324160d419c8800a2b8a12bbfe3b0775d2812152b0dfe1c9861caddd60f378db606f598c31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
189B

MD5
ceddac54e912a23f4710e23384cfba3a

SHA1
4dca71818c7956752417458150027e796353f843

SHA256
0d627797fb3dea038d7b7532febea03fb9d5ac64666229f8c4dd8af03b1ad994

SHA512
8ca0e77977e717d8811b76c83f975bc5d88f0044b9e8860644fb92e0eda8321832a12d0b46c335e40dcb6a03d3d8ccc50131e8b73a9ad8a48a12a0d254f87600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
125B

MD5
62aca50c764f5fef3dededdf06c9b211

SHA1
6a4e9469ee069c21078c54693981a8a823debad0

SHA256
98825ba0a8ace8bb9e1e6e84b4719ef63e997d52ff25c31d8ba98182f4065608

SHA512
e62a925c336809d3f35422813384bf9747778095575148344809cc8b3a06c2bf58e48a17e38555db8fd8e82667a81eb4f07c563fea9fa648076dea8de9699b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c8034.TMP
Filesize
120B

MD5
9663f7b04e9797f1aaa27d10dac35f0f

SHA1
288da222f41d2458d5ae17ac73baa8d9fb77b0d3

SHA256
9fa99948e4088da5f259b335eb9cf341218421cbe5fac2093f911ad614521982

SHA512
65b0b72b1dcc5c2f86c72db2f5f9a5b76f91904ff34da6c0cf4c26cdc2293a1bd56507cb96c0c4ff4f78db1e98d2eab2500b76c3069c3e1eacc791c7644cdbb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
14KB

MD5
e58894ba112b55abebfae9e8f93c8b53

SHA1
8a38174f06890bb2dc2e44149122ae0b8b5f1b5a

SHA256
e15137734dc1036c8ffa444576177cfd8905bf0d3264a138f1ae41e5d222ae8b

SHA512
dcf2288a000b7ba258dd63f3267b904f51e5ede17fd0d5177ddad4a0dc669f8476b9e681a1f0dcc7e461e975a4006a8ac8d710b3a4f75ac31b03bd8b38533e00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
Filesize
7KB

MD5
f53929f82cc62aa9f090c7f47405fa05

SHA1
0a1f766466e5708b09ba7739f06d4db98ee4de03

SHA256
264bd0c44f7946ccc440bb2b6a745e7d249cb44c950f7aae1e2d1de7a7d941dc

SHA512
c1397f32959608b80b8e515708e2199c76dbb41a68ea70bee549fcdefbd445f60d8726fb727895c4425f9ed9cb914cc4bc5a201075d415efa6d4b05404c46932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0
Filesize
136KB

MD5
17a136aaa298c67ce2a6dd0f3356a6ff

SHA1
ec2c63baa63c91ebb54d045e471573b7acf28504

SHA256
0b3d877018d42c316074ac2d1566d8a570ac8a7a0d7a0af5f58b6ae23de1b615

SHA512
479b834b1f9bbbecdb3241e13bd909957ba2b0ce30063b6dbc46e4bf0c6fbf6c2343c750304c075cfc8615c1cb48e96c8da910a2bc5cc460a7e3c7054e4324f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1
Filesize
334KB

MD5
845867d5bf2e8f84a6bf1f2cb07e452a

SHA1
b79d54d15b777eeccc59145d3ab58f96da7f25c8

SHA256
bb977e8dd327145b9c6c234febf3a5b867849bf70414f76e814e31692e190ede

SHA512
4e92f2826880fab0c84685c4ff719d451415f55c8d1a7174e5c653437d2e06a4a6a69eb9800033297895d96963918b2f06fb2c8b8126b33ac7630a8fe47803ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
120B

MD5
75a9e9844d2fa6332f0d1cee133c61ea

SHA1
01a2e1baf466ffea6ba52c8a6fa4ba91fb0effed

SHA256
0dd0add748c1b8bb394a948bfaeded1fa6c7ce6b7a433c9f5529cd3bbc4054a1

SHA512
70e7bd4601487fae940a5c2c6549f6fd0e4b347cd60eb7433b5f7e030185cf81a7dbfb7238563fd6e4fbb3fcebc3338acce4f0d226691961e2b25a50c807388b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
9f65a851c5aeaf99ab3de015fea76a9f

SHA1
b55c221933e1666ccb07242a009466d9f515948e

SHA256
cec091b0ab36a13c2f84be4ca9b4e6e3580a51efc6b8821cd65800817a5efe35

SHA512
d67133750adc10e959169a08ab1bd8e35ccad2802002af81e19b47f9075220b7ef1f4dc76b70e95eab2d4882e7daccbc5aaa3eb9d4428c895823bce7a18ab048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b1fe8.TMP
Filesize
48B

MD5
8ce261bdbcdce185127b3c7abcaef903

SHA1
c56367af2985f803abc0f9148c587bc375afbdbc

SHA256
e514c78afa9ab9bac1345cf1a65ea3a33335b8b7a4e8950aed3041013b50973f

SHA512
2a041d9f43c48d386dcc4d614ad8664ab03f567423a50e1636c61a1ff2d6e5111edaff8e5008dc8093c7516f050d1859c4d749dc4e0cd2c0a64f8b0ab7fe90b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
e82cbcb4b07ab466d6b8a0de46f5de2f

SHA1
851703910980600d7c947f3f33875ab60afeb1a6

SHA256
3d2e52c4ce0b79a6d58f149c621efd0602c02bfcd1ba898991557365a7451ae6

SHA512
8d20ea4b83747450862fb73e3897bc983bbe035b3c231ad1f8a87cde1588d2354bcec97d95ff81876581e28dc7af1edce79f808cfac2f97a6435181e021ca605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
b25c859d00b80866e9de49f2a7177786

SHA1
7c70137968f793d962286656f31087a83df753fb

SHA256
855899d1c3e4d7ef6c1b861cc1a1defcd2df4394b62be19db76c2534a31929f3

SHA512
4b0dad20de653d66aa35c693b134bbaef1fdd832e2910097c33e087382ce8fe27eca37a0dac95bcd6e9371d75323c11ae201f18a2d742e29a25161dd65d6e23a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
eac424833677f532f650ff9deb04c92d

SHA1
b867c58afa923bc821e33d544fcc632f56c65b9b

SHA256
99ef483380e2891ed39541db385693a63fcde59647200e3359f6271206cc3a20

SHA512
2563e49836d738876b9c03ce4ef1401314fa3fbe3a5c4cadf497a042b164b86099e25bc77748e4f17ebc45e7444614d809d32d2e8dcda50f092f5ac7275ebc4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
d379ca9f72f0cae4ec7a109e563213cc

SHA1
6a0421aab4d74ff7bac41353ab334c7dec73641c

SHA256
57d5eaffc188889f8b25df601b828d4f866141d1d80f79736db56dae3afec034

SHA512
a5bddd6159411305624c9a7d1aa207f3c52fff85046f52ec71714156c54972818f47ce9dffe72755bf33bb58bc6de2aab542ba26371c795eec844d90928842c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
83da414c5e7b30e4b83eb0dae8588000

SHA1
738841d48f5832eac4c9c56ec10a3788ad2ad6ce

SHA256
f9b7186a6030d7697bc8bf8386fed5d50286d55627148a00d67e40eee65c055d

SHA512
c78fd5e4f63ce3920fe3e3f826d9e8479d613a86a909bab4cfe7db3d404edb872120968f1b4c22eaa3885de547f661444128dbed550b38fd6c06401cea388b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
1c7ffa53988e81ddcc676afcad4dc147

SHA1
e899a2ac6ada6ba58a17e406c4458a8d4cd9f25b

SHA256
06a9b84032788e2694355e3c27626382ef0bd76a3b9de16023a5e0c88c0898e5

SHA512
b42f3657b730acb9c468a09fab85b0a5c3a6e045ab7d6909c77b1e199112951837f6ad760e9f591153165f6bd9c2036a33c854a44de9ebcc029cc43854e6b506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
7f4a0c3253576c7ef38e4927ce748865

SHA1
e4a9d7f22b314bc4804191053c841102e722011d

SHA256
e52288b3273f511314e496917ee47cc37234c8f358519cf8287e9ca0fa7b4053

SHA512
a5ff5966d9a9422272f61fb8b443ce03e7c2ad60745a0266c31195280f4e13c83771729baa21d08025b0fb9752e7fd73938b1f17f082ad7ef9b3e7b536eee81a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
fb292097e371384b91e6fbc1a3d39db4

SHA1
e332e130bb413194d43259e665b58af0743851cd

SHA256
5f0318b7a71654a2335b96e1787c0d5871e0f4dfbfdec3d7e25de6e3a1b909de

SHA512
7d35fdf9da21bbb0bf0ba5b53f79fc6e7178ecf2c19d5bd85b1e018c2caee9d4db0c6bfc0c124d9b4e3591c398a70eb659a8e1a69a6ac41b9e6fbd32c4e50b15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
fe472d7ad8472fe827a7f8905dddc5e3

SHA1
5de358cf4cfa988ac6bcba665ba92e00091c3245

SHA256
0e21b03f35ad8b2cc6ffc3eba07b1eac1746841f8a723fbb03ce5409bb0372ea

SHA512
83d2830aecd763ac1819d7f5aa2b092d47cd61f97decc559db36231ba21b319232b7c2a555aee14225ebf58a0e18d7fea83d2202be0818be9f6a8eff2f57c3af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
0a32addfa628145cdefabaa383a79213

SHA1
907ee7b7c60149557be88ad162ffd0e04d12db5e

SHA256
f1daaacc1e76025987b23ade0fb4e521e0349553238703161dc9f471cf3b781e

SHA512
cd6f38d44d04ef25804fd64be0c7494815cc0ca8720b66fa16805edee542617fc06a87c967ed934fe403fe7ebc34f10d5fa914425d76a56525abdff07717e70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
2dcb4ba0bb52688ad1dfaeb3238e0507

SHA1
7ac60cf8c9718c76e27db68c21db6de460b68671

SHA256
ef6c4f134670defd5b98994638bf668f9c98edecec349c62940d69a9fe705295

SHA512
7ad4a5ceb2d32b9f8b5a741c97d3664515ac17e803502d371daca765c838b367018b82021feef2c88e390604846ad0e31060efe8448d166a235ff47d8802148f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
1ac356bfb56e6d71cae59f2578951eda

SHA1
01ce58f6fd5deb32dc13913737dfd7710299af88

SHA256
b09546d2ea3361b72dd7855a46078e9ea5fca1e70065da507b2eaeb8dec71247

SHA512
3ec3f47ddb6a102e9de0aed9292df39a327bf14593a914be9b55f29f67c90c01195c278d0f84d089a745281a322d308c65f5a1d931dd68e1b793254073ba893c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
4f65b259db8b6e8263adaa3e3d000c45

SHA1
1990679731faed71fd4a61fc1f47545ec44228ba

SHA256
407b50bc01aec31dff741e0143dcbe9b59bbcd770ac1e40c4f7bc20343e9adc9

SHA512
073800625902fdee156987028bfcbd46ef3e4324e39a36f03e3f7fb692b760b67294bc71f3d4ad01429418c9d7215d051a9473b684cb455a220b977dfbc14365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
b72a973cf055495d17b7ea34aef4eb88

SHA1
b4fcc003f07814194f14379f81a6d490e850ce42

SHA256
66af1317dd3547586e7dd3891a8c5872ec98407075eb593d54f66b5f71d8f1d3

SHA512
5d07394c2b3bd7106076300ac06e27ace2ec7775c408464121955454c40b00fc8e9f0b48ca46c6d2b83660c63c3ea0c28d61df690be595aabd6eb87ea8486313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
120KB

MD5
99e73a1c2da6ef7baad72471310397b3

SHA1
99b929a22d1515b4906e30fded4e27d5c3d0d7d5

SHA256
a4e1d512da237fa3cb5ac202c747e79fbabc2dba8aa2f88342a048d88ec6ef41

SHA512
47e8f3bac861cbcdd3813fecbb45579b9317616ebfe2a2bb939ff517d722d92ad12c7b0dfd299f216bf9f94ecc68b8dc850ea478067f7398d2245e8f2296686f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
113KB

MD5
1a54a9d639387ac74803cb4fce9d3f86

SHA1
3f72596c1abb2d23684793f41fcf647d29d3590e

SHA256
18ac59a9d86584172e1f5a253db9045e715fc2e0acb58fa791191e31e73c5777

SHA512
5d92a0e89d6dddf2c0f60f3a5318043ad372b72e75d1ff5ea7f4f5addebcd66957c95d833b66248fcf19e0ae10a1b1aa7fe6a2891619e1dbe094aec0fbdc8dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
116KB

MD5
bc69a5696c83c5ba7b256be725e861f4

SHA1
66e4c8508c1897b5df5d55ff3e984142360d5290

SHA256
452008b4b9bde3e1a2991a070e281d1c41a7bf504b8275ca2dd476b7c8013fa0

SHA512
d1bbf24174ec44a2b8fc7cf611f5c82c1b34356444954cbf18e19a4e3a9f06c7b8dc02a5934a9bc407ca3f15833c7252a544097681fbd024d04579d20319266b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
ba4a1e50673a58b7f38ad1e2925eda4b

SHA1
754065eb345ba5439b464b6e52246f912f853957

SHA256
b8212839fa51c3914f003a690d9870906bc322cc8ee1cbdc9ae0b0db65e1e76a

SHA512
554239b637a7d6fc724ebeb5890028cc8ca23b8f2e9b1384c30e14b3aa5469de8a4c356833431ee461fcc9d50902db98f2789c01e14c5ab9e3ad6336af50ca45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
0b5f725547e3a5f4197dccfcc9f66f08

SHA1
c7f2592d2565a3f660d1034dd60a2fe1e4596ace

SHA256
801e4cc45c88713943737fac52cc0a771a90e6ce697509aa5292063958649426

SHA512
5263de6cc51384fc6df64631b948b64cb77692d70eab597573f124ccd89b613c7898492da11a6328c4140bec18ab6961479ba9deac4a637bf2c171126fa1785f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
31acbef43743273dee9d29f947eea6c5

SHA1
4dd0d224ba231e8ab7c7140ddfb96723bfb38080

SHA256
182d819dde5973e0426b8557728a4f87ade096fad6c14e742b684c4661d3751c

SHA512
00b0629e41637f185502d55f00ed325b91bdb87f9219a2ed8951f025f5dee236cfacd858820c459dd63d1aae0efbeb52c18c464e037f9a77b24fb5e8fc3c53e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
118KB

MD5
cde44c99692ce49c12b9d1fad1e55531

SHA1
c433cad7abbf66e3e57c13756f5db1d7310c5ce2

SHA256
2bf6643fd87f2ce7f94c27d7279af812a01db4537c03c659dd457b3c743564ee

SHA512
e0255c3a83f2869caf0146751738049f21aaa09f63a872ef6266e059fd1881e04195b4136ca3649dbc39d3f5595b051b72a34b0ea63e80b46b4c16b993c9ac84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
112KB

MD5
0cf7edb0fffa97fada970d5ea1494db4

SHA1
0fe25c847e938e5447924eaaa12f4ff76dcc49ee

SHA256
6f84593829ff2aef8d781232d845a4ab7ff3d8b34b6bb96d88282a4dd51c2489

SHA512
4a025cf55785c69dee9b81620ced00282a3334b0501b471af92ca13a39ff5b1bceeee133a08e0c691adf4ffcb7c2098c883b9841314c25e173150f71aa3c2c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a16f4.TMP
Filesize
94KB

MD5
e0117b34e910d5dc311c935f5f49530f

SHA1
a713c148082dfd64c2a28453ce800d1a786fdafe

SHA256
75df3a1d86bedebcfe11968b61f93f44f8fd845a33b6716074019c61cc768274

SHA512
c6043d4655360271e0429e6b3b16d0c89ce4868d0d3b67a3593ee5e7094f275bf33a5068a9e41178ceb49e7026366bb442289bfc771ce56a370f7673b39f90a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6RO0PN6W\WindowsPlayer[1].json
Filesize
119B

MD5
4d97f0a252462876a77020f383f89095

SHA1
e518d6008945d34d420d219c02d260d99d138941

SHA256
f54594af7853726c5491706cdb16d7e34f354d7f56a03ead58d562bf69563da2

SHA512
ec5d636dbe37276677f9341aa23a6470cdc7126643f78ba886318a7c233ea48c0c560fcd3d7e90c10babcc62cb57a076bb4948667c407c240e22034add28655a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6RO0PN6W\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPF1FF4.tmp
Filesize
503B

MD5
d835884373f4d6c8f24742ceabe74946

SHA1
20002faf28adfd94ca98cf6ced46f14334b53684

SHA256
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9

SHA512
f7cbb374bb33e07c89ab322543a335d7f15f192cc607867d6c468caa66a9c462a76fa687d7e77fad6127e94ddccd8c20a056b85378d74841cac0c2b687092fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPF22EF.tmp
Filesize
279KB

MD5
eeecfd25aa59329d9b5b9245b7554307

SHA1
c33fc4d1c1209f3e34247d2f80c5d429207cfda7

SHA256
db478625bd620fcc1ecf6bade434d173fe7742e9e3b1b04f536325e2ccb46f76

SHA512
3773fd89904baf801b52cc5b99aa727a72f07051ce74b63117ddde01976f905390e641501bf7efbaa55fa2d8accc33877b60b31c8394065479c05f740e41400c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp
Filesize
145KB

MD5
7d5c63dddb6976a3c519c2ae03d5721f

SHA1
debfd56420f296b803741759ecb859fdc9b79d69

SHA256
e07462e95c2a865e1c695029b2e69a130a00951ea9d402f11b97d1612b4e4ef8

SHA512
8f5dffc8fbb7461e8d524d03c46faccb88361d2d455e49270605db93630df5ba1b887b940ac6376af9abbfe6cbcafc57388edf71e9683b3b642b2f24e73a9d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FOWAORPF\Senas_Whare[1].zip
Filesize
39.2MB

MD5
adb3a21d38455951797f0ff1ceff6d00

SHA1
d5ea3d7d1c79cbec11e94dfa991f49be51e5eef9

SHA256
75d4e0346489c9ca341cd1fe7078120a8db0b67ae9ae3461dfbbe19fefb10f3d

SHA512
eded426a57ffe22ec9b263d14c69007e043f30d1c79c8016f2642c433ff8bcac6f41c6673078209d9d844a81f257eff5e6c151b8c067aba17b8f5cbee7d5d958

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FOWAORPF\ndp481-web[1].exe
Filesize
1.4MB

MD5
0f774e364b59d81f9396b075da92c10e

SHA1
8b5c78682e0fcc358dc37a24a8ad8e46847db1fd

SHA256
c46aa513b122786e133064af1b8d59293bcdedead298c6087f17d03a2ed096c5

SHA512
ab60a1f72a66d7cea5c85650d5b6fa182a88a5014549c1b94114b445b91e22af51e9fbf2693c967c7a7bca1a93f75a8b7673e371ec9037344bf095752b9bc214

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TSO4D64J\dotnet.microsoft[1].xml
Filesize
1KB

MD5
e6b1c2106c91db77a45cdde09b6f6644

SHA1
1fe084174f96b89dbfb33044d685d3bd998f70d5

SHA256
010b9a3efa2a11893a3bc5a00d8dbc3ba28c01a0f017510d0727fcf009efea3c

SHA512
2913fcb5eef636fc2903731be9fc2b1361323eccd40ff2c6bffed1419dc7b1c2e9cf9742844d62d16e59d1138b61bd79f4c0c32acd07b2ef164dff739a34b897

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TSO4D64J\dotnet.microsoft[1].xml
Filesize
768B

MD5
c87f1b6a5f92c4a1474191d3f230f3a8

SHA1
3f6d244c52cacb8b20242ae5c01aaa8030a41e77

SHA256
5d94aaa1ce4c9e1c4dc9047f1784ec5346653c1c65c91ec3472fb3fdb5144ffb

SHA512
d44c5ceaba94200a929116aafeaa70666ebd164dd94d126b06ffd791a3f63aefcf038882f3f8252d71d52d8663af7e70b11c8a77ba00e1f6b2a50c1985c1cdfa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TSO4D64J\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TSO4D64J\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TSO4D64J\dotnet.microsoft[1].xml
Filesize
691B

MD5
04590ac712673e5d19c5f3dee109dee6

SHA1
69156e7667276938a100a297ec66d11bce526152

SHA256
d5223c8ad106662d868855a8241bfda214730f8ee28f9f576dab6598ad7b9b06

SHA512
1ca40970a019cf7291cf7f4da0260eb59d6b15e155fa9082505bf45ac097f7662188a302827850b7cdd24aed7f59315cd5001ede6db1c60ea7899ef4f1d30d8a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HMSF7DS6\favicon[1].ico
Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\R1NE57MT\Ico_esquina[1].png
Filesize
1KB

MD5
7af8fd88e7c773b40fc08f7c9406d990

SHA1
612e720ce99a404ad0c8c5881f18505b21404dc3

SHA256
3cd80b8a1629ef2af05b9a3431e15fc7313703e644e79432708a7c9f33e7c64e

SHA512
94bb924acbad29824da4d001394e399f3b4997a957fed9d39ba1940df3ecbd4e5c8088635cc551490a114f9fe67241fdfb7da846502cb1b69f49655134c0f1d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize
512KB

MD5
0c23858f4eca211162f2f5e7c5ef1266

SHA1
1453083a3a940282fe0af0a44c632d5c68793ff5

SHA256
099cbbdc7fb109b2e3a7f9aeccc286bf47e10f1ab954f9be784e596044642a16

SHA512
219a4ab62d0b6de2f173a28d36e2499ddbf8a43afb30dafb84b9da8072bdb924088560bc65eb10c9812268acfd8a3b3b74acc74dab5faf47e7db76e8590980d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\x7u62y8\imagestore.dat
Filesize
17KB

MD5
5f5f61d0adf6d7bc1ce2cec7bb2d71c6

SHA1
23798bbb0db3f7d7d5c8353667a05b58c0a58614

SHA256
ceb685f8c2b44c49fca49db5c63b628db24b87d4817dfd545ed59f966190157c

SHA512
a8a18792c2ffd10e12456b1cf6e439e8c79f495623deecbd63d2c186d387e3d7af64111908d2e77940d07a5c70d8e7f79f401ef9f14a6ac5d5c800d537c96832

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63LMR0YA\alert-info[1].svg
Filesize
726B

MD5
c7db49644f6bf1f50b3190ffba0516ed

SHA1
5bb312a0b6357ccb7e93158ac0f97b4e249e4696

SHA256
2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281

SHA512
9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63LMR0YA\at-config.1.4.1[1].js
Filesize
5KB

MD5
72dcd95e1872e4e7dd4debd9363a3f23

SHA1
73e8f9c4dd8812ebc9c54abed3e50b68f21ad7e3

SHA256
d83130d74d82a31e8a653378f0051d57ef560bd85406c85404c0f7bd9801b0bf

SHA512
12c49158f980c09b5cf39becea6506126c9077639991607c6066a9906d5be39eff6d8b4c844ab3dd398d17131f5e00638e52ad7e6a272ca38ea6f2e41efe00a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63LMR0YA\ms.analytics-web-3.min[1].js
Filesize
136KB

MD5
6a5b990f8696eb7a67ecfe6b5b3cab0b

SHA1
108bbd600f0237e62112db3969c6f02be0a1c7cb

SHA256
8a13eda4650628c3b24edd6b407cfedf1821188701430545bc17ccf7fe0083ac

SHA512
ceabc9380d2e4166dca101fa8e7ad7fa7b176182a04294b41584c7c3a93c28510c2fa7633e40c0959c7f39382a6b0706f10c6ff87068c96e2f5b15f1353f6856

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63LMR0YA\open-sans-v34-latin-600[1].woff2
Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63LMR0YA\open-sans-v34-latin-regular[1].woff2
Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\63LMR0YA\wcp-consent[1].js
Filesize
51KB

MD5
413fcc759cc19821b61b6941808b29b5

SHA1
1ad23b8a202043539c20681b1b3e9f3bc5d55133

SHA256
daf7759fedd9af6c4d7e374b0d056547ae7cb245ec24a1c4acf02932f30dc536

SHA512
e9bf8a74fef494990aafd15a0f21e0398dc28b4939c8f9f8aa1f3ffbd18056c8d1ab282b081f5c56f0928c48e30e768f7e347929304b55547f9ca8c1aabd80b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FOWAORPF\ai.2.min[1].js
Filesize
118KB

MD5
8783a27f51204a804c5bfb96bc481b6b

SHA1
c50d7bbbcc3f69798a387a68fec4fc65f80ab763

SHA256
04c0e76669750440eedbda5b14314f0c3f3f28fb7f6dc719c95ef606af8f8ca6

SHA512
3f0a6976265346eb2734c8763884955befaed66b77264aac9e8656edeb932a12b62d2a6effd65928d8fa58018e1630a4d08c6ee2623d7bca29ba85cd54551f0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FOWAORPF\at[1].js
Filesize
102KB

MD5
6b56d2bd5139bc5c00f412cd917a3bac

SHA1
7ebb960a86d15ba09b075265c6c098b9cdafc624

SHA256
cd976ec1ad0e64056080f75bd5bb81cc61b544c8f535ca2ca630a7f4aa5fda5b

SHA512
e716effb9d5b6bd49394e972d7307da7068bb03d536b975e03781c3ac9425117cc27e6a24a7aaf71e56f59341dce179184c88c3d4533fae99379a1c1a9e9f222

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FOWAORPF\bootstrap-custom.min[1].css
Filesize
230KB

MD5
16335268dced275f7835c0d517c796e1

SHA1
0d4a1a56ad98c4b4b01ca9b7e588209fe87e7249

SHA256
696afad1ce7654d5bdf749422fe56e3b985a6eafd1348932619859e7ce504760

SHA512
6244612be0287295c48d733bf210223dd5b79707e372b966d1f2d3c006f3ad375184f0ea38d4a67ab937e12477920292c10bbfc5ebf5b8942b7744ed8ae06c61

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FOWAORPF\culture-selector.min[1].js
Filesize
308B

MD5
4147b3bfb0a145eec758f0cb7292cefb

SHA1
8e02467706ce768bc9e68fea2a8d01b49513d631

SHA256
8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20

SHA512
49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FOWAORPF\ndp481-web[1].exe
Filesize
32KB

MD5
31ece8f8856abd47e33f408b54d6f4b5

SHA1
7b03b156e50058474c140290f74621b9842cff06

SHA256
a370bb342fa4547d89fd038143a91e27fcf2e8d330826e64e036ef5b2dc3fac1

SHA512
74f60279ac0b828431b3c5045e73ac0d3f2ffd7d8ee80c57ae4e6f918ae25b17d73ddf2595c5bed577ac375558053009727f349062464b62492f7a51e17f1554

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FOWAORPF\open-sans-v34-latin-700[1].woff2
Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FOWAORPF\space-grotesk-v12-latin-700[1].woff2
Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZJF5B03\RE1Mu3b[1].png
Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZJF5B03\alert-promo[1].svg
Filesize
1KB

MD5
b119b49f7f799d680e0ade981c8c36e1

SHA1
b2134ee3d8a4669c4b93225c0b987be0c78b6e6e

SHA256
2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4

SHA512
c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZJF5B03\analytics.min[1].js
Filesize
892B

MD5
b4a1847f1be996c08716d3b97456d657

SHA1
49113ee2989496eb1858a45ffaa319863d8ccd69

SHA256
8a80172a7d4c7c65ad596f52ecc105d61c0b2b60368277fb4729767f54fec06a

SHA512
b0e4ab27c1db23cbcd13bda3bf488293985d76de6c4f51b2be140c7ca8562a0b8280360b2e628a097f7e5fe94508759aca5bec037a1b3d7a73d2d7d16fb63b93

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZJF5B03\cda-tracker.min[1].js
Filesize
798B

MD5
a3827d5909344f41d270fc8475f7733c

SHA1
bb6cb83e4d2080ee02ea366699f487c7362d4934

SHA256
bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a

SHA512
5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZJF5B03\main.min[1].js
Filesize
31KB

MD5
b9b13a437cdee66d01ab9cb18d85d3e0

SHA1
6614ec983dc34b78eda8a8e3ada837a503541a92

SHA256
0d56c5660f9a5afc4b544798551201d14c6d222b658bb1bb0e3f40ca04cb7bb9

SHA512
987cc6da7ac9e739b70572464917b464c0f90b3ba795133d852d7eddea3de89db8e880a3fc05745f1f964e5770d7ab9736f50d241e3577705c80ecf088fc888d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PZJF5B03\override[1].css
Filesize
1KB

MD5
a570448f8e33150f5737b9a57b6d889a

SHA1
860949a95b7598b394aa255fe06f530c3da24e4e

SHA256
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

SHA512
217f971a8012de8fe170b4a20821a52fa198447fa582b82cf221f4d73e902c7e3aa1022cb0b209b6679c2eae0f10469a149f510a6c2132c987f46214b1e2bbbc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI7GG3W5\74-888e54[1].css
Filesize
167KB

MD5
ba0d5ea1fac178bc129be5c94eebc013

SHA1
cdf9036d0a2cc4b57a278e48bce971e708e39aee

SHA256
cf186f15996f1f201512c3576307588ecbf1e4d62daa72aa678b8222d6c652f8

SHA512
a31ed800df0244da91ef08d8e2b262d8b9899ec5f64218e6a233ac9f178df15e642aa7476aa87c1f18228a64507850e2974025b77f7071c2e821d50e3c3ca08e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI7GG3W5\a2-598841[1].js
Filesize
134KB

MD5
2cc02dc1fb567abe4b05d266eb06d922

SHA1
6dcbdeb8033539e29ca4d11975bee63bfabbfdad

SHA256
14bc892aff22a1998743df7de326750231ec0592917c70c5a9e5478fea456409

SHA512
769ec7d320b0b5ebfe2affc562078f0de8c21a6157af32f50f577327d37c43fa7b121d09cbd2bf27471c4356e90b1d96b10b73aa31410532f3fc46255d28a315

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI7GG3W5\clarity[1].js
Filesize
55KB

MD5
33101fda12196769c5173acf6c98a7f6

SHA1
b9a477f778e5856be2b0d692f60266e8249fc6bd

SHA256
99b523edd72385876c466fc061393829b08dec3aa544963373b22a08fb97784f

SHA512
a3b7a93c579daa179d3e7c0ffbe37ffcd703a7d21a19b797dd94df469b66c411d1b6e9bf995e5c5114980f011ff780c21d40e0374399dfa382c597747b62071e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI7GG3W5\cookie-consent.min[1].js
Filesize
986B

MD5
276fadd25103db9ea780c1ab25dd42c8

SHA1
54483dc13e60306f87a0e4a4b16b47ffac51e097

SHA256
c9cb2eed50644985e9f73a6897d05d94b80b8c317ea3bb5524c28a16683a63f5

SHA512
174919bc2b37c379531819d3b2fea5097181b600b68b746afb8c52131db2bc05ac6d6c97821fe35f1c4018fb2b2982dcc1d542c568ed3bf0cff71e32b9408eca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI7GG3W5\dotnet-framework-runtime[1].svg
Filesize
42KB

MD5
5aaa8c37cd59979b920cd21c4a50a38d

SHA1
0ee61e3b2d58513b92cf4c6b5114c1beb55539e7

SHA256
db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6

SHA512
0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI7GG3W5\general.min[1].js
Filesize
174KB

MD5
0a51551c9a5fe36e372fc39eb9bf0b3a

SHA1
6c76d69df786828afad990a0144b5d27d56e7863

SHA256
124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794

SHA512
7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI7GG3W5\mwfmdl2-v3.54[1].woff
Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\10BOVQCH.cookie
Filesize
595B

MD5
3302167c87cf1a9d52ade54bb2055c0e

SHA1
97a96988f006686964f6dbc77f6396b2064ec833

SHA256
a776753e655f13a2d85fd2a1fde8d29954c984849379fbc00652ca0e9c73c71a

SHA512
e40a00e9b62dfb9b8cf8405ce439035875e16e2d9191bf6fe6f2080411fe7661860b86dc698497f3985a37c43c845b5ef00b3292788983322cff71ff3bbf0254

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1OC3K1LX.cookie
Filesize
563B

MD5
fb48a18cd9285143d5c155cb7a551f0c

SHA1
f0ad7edc1155a24c25745f7b09807ded0efe052e

SHA256
e2da001a7e9cf2ca99425211cb5adef539d5294815d0b80afa0185d4cacb6d20

SHA512
1cb4501bafdff0500dc6752864cdfd3bfa62faf23aa75ecb3be76f872ff15dd6ef4ccd421dca10fa4c103cf8fd475959800d8c9eafa461cf58a717001c340a67

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BQUX880W.cookie
Filesize
71B

MD5
f565a81a23e2c10aaf2186835ee18818

SHA1
a2e19a949eb97c03866e31bb1bf14c1a4625b0f1

SHA256
23517c5126b05821816d41ce46ec8a8e50815bf5508e7f2fcc4626bf2fd778c1

SHA512
49b69405249dead1c290defbe3d0d22995bd810f5dd3bc319e866c5f3365ab23828022137d7b7766126c3331465911ed9585e2aa05bd1c1d8d724fde2936693c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NEWPGX3X.cookie
Filesize
392B

MD5
f9864eae0fac67f1cf6d8c15b158d7e7

SHA1
79ec5e37c925035610273a9db79fef7ecbbe3da8

SHA256
4b815cd568a5e1536bf36145032b9c2664e6d58736fd7aa0e8780bc8f40d6132

SHA512
07f6ac7a602670ce03def5312071ac0e1b9bd07d93cdbe94cfa615c902400d63b14b6ab1bf9b17afa81715977b50692df7f5dd219ea6e681ebf60f1fea855457

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QUCS29MW.cookie
Filesize
478B

MD5
e5d5c34b51ffe1059f0346c488bc7e41

SHA1
1c1108d0978d2ba66b0e0d47c252274df5021f80

SHA256
5e8981bf32314c7827a82b36035ab2ec99f586b32391a1d6be36faf17fdcd72c

SHA512
1435d4c289356243d3803fb87ed05c0757e65fd46dac2b27a574e5d79b6e7fdd8c3a29e41ca5a29549b9adb21c14802f8aee72026042b2b0af72b42f5a19703c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TSO4D64J\dotnet.microsoft[1].xml
Filesize
691B

MD5
04590ac712673e5d19c5f3dee109dee6

SHA1
69156e7667276938a100a297ec66d11bce526152

SHA256
d5223c8ad106662d868855a8241bfda214730f8ee28f9f576dab6598ad7b9b06

SHA512
1ca40970a019cf7291cf7f4da0260eb59d6b15e155fa9082505bf45ac097f7662188a302827850b7cdd24aed7f59315cd5001ede6db1c60ea7899ef4f1d30d8a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TSO4D64J\dotnet.microsoft[1].xml
Filesize
691B

MD5
04590ac712673e5d19c5f3dee109dee6

SHA1
69156e7667276938a100a297ec66d11bce526152

SHA256
d5223c8ad106662d868855a8241bfda214730f8ee28f9f576dab6598ad7b9b06

SHA512
1ca40970a019cf7291cf7f4da0260eb59d6b15e155fa9082505bf45ac097f7662188a302827850b7cdd24aed7f59315cd5001ede6db1c60ea7899ef4f1d30d8a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TSO4D64J\dotnet.microsoft[1].xml
Filesize
767B

MD5
fb09871b4e67f49f05e1d15bc69fafa6

SHA1
323828c9ee69ec44e12b2a3215de0020e56ad040

SHA256
4be34936bfeb71247126041d26f8ece607f2492ea77e909637638cdd0ce46f60

SHA512
14c747161e1058d2e1e6e1728e9f45e3083f1bcbf40c82988aa6416e90cef1053adc6d6928a6978526710083b53c1ad5f6704f9a6e5be34e4de1e844fad65f94

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize
1KB

MD5
5983dd84df580c90fb779f3f026c2ca3

SHA1
58bff718da1381dc63e577e81bf97efa8bd333d8

SHA256
4de73d25e1ad3f44c7abd14bc960b8a103a242e70852fed060a1a6f821d5fa3b

SHA512
c690950bb89923a14cec0189b341071da7ff3b070ab6dddeee5f294b158d5cc7979dd0bd912dcef2792fa7db4e8921bb4883abcae09a328f1a6e781de56b5a07

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231
Filesize
1KB

MD5
e1cd9db2550f0ff4c900492b4e380dd6

SHA1
b07137b06eaffb307e33811b56510e042569f564

SHA256
17b5ec9ec93020fcf5263c3b65faa99b505705e0dc5097005911967d09ac8a87

SHA512
4f5e346412c8d68bab9dba5cecbf74e07a6b8ef4f47dbf0de944a44b4fefb40202ee54a207b36244387685fad478bfe499dc0e96ede101842305f994f4d058fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
471B

MD5
f9133e17eab7a8bfa9e88154274bd9da

SHA1
8dfc8e02be8f6c3cabb467dd0a6dab67129c7183

SHA256
b3ed017f19eaaaf5e6470fe065441bb6a30476e0501dafa7cf8e510c41d16232

SHA512
140b1c9d20c8bf4daad8049de0bda4b4765177eda0ee15d86dca73b6d038000d65471871562ed4224e2ce3232264d49001b36cb6c09d3969cea4954707fc44f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
471B

MD5
93f44562f4e125bc9e42a54fd07cccff

SHA1
5e7ea2554f634e303cbffc832bb03a6b05b65518

SHA256
ed722089fe4112c53fafdf60f84d776c8ce539c1e4c335a9e08cb5e44b7169dc

SHA512
9b470d507027b043c7e5878d4afbfcd791e3cc2985ae6c8f2bbb75f1f7a6776f815e24c50bac309d097e94676aff14b3ba0c19eef812fafb3ebeb0abd9c62273

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize
471B

MD5
5db150e8590118db2f70f8395a554d90

SHA1
91a1d6176e6a7e3050823df49a94bcf815967a7e

SHA256
7a9d6a2dacfa6189d4bb972bfc788ea2bb76fff20f5b23ba3e027442d6dba1a9

SHA512
5554960f9a7ca6b5543118194eb944b08c87f5586f329c824f9e631af0cce180060d71129b44b8359ea097f3cd54c9d80f906ad51a0c533d24f404e09266d2f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
471B

MD5
81ff9ad963b4c5b402eafa77ab1b3bab

SHA1
ed05b54219bc9ddeac0042ec1bfd689f9bdffbd6

SHA256
d64e5cccd7ea4a378a63d3fc857893fa10bc7325c6a8488b61f45fcf9c46dd2a

SHA512
5f50420648968905d63f531fed93ba71a3220e1102bc0e6e17171b0bf665cecda65f976c226a9d5b3140010cdcca6dc6ee9e0934b813dbacc31bfb07f3fd1f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B363E346B43755F918E68AC3AA10D686_6D5DC573178B0888E38E901B96F4F561
Filesize
1KB

MD5
7e6ebfbf3fa007787067dedad45ece47

SHA1
1719a5b0d660b72b316d348e2429b15e8696bd91

SHA256
5bd9984e2689b9cf1930a3b1133784425da6fc0c628b52c84430ecebf0266c4b

SHA512
ec170a492690981f4418f105978279db18465685b456afe57bde7afafeeb26647faaeaf322b1113850845c79c067b27c8e92fe0f24a5d6c36d08ce53dac7940b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
d9655b37970681a6e8aa53b18f20d2ec

SHA1
76aeeffaf14648035482fe1d70d5382f5b26374c

SHA256
35873020cb1a03b6acff18ff63dbead87f1a11c26088b2e7c001c8fb8007ce61

SHA512
4b1c91068cc93de84c0d4ea76191fa9df7589c6f67210bb8e250b7fba98fa8fc3a613f55973349ec68a84b41745c3c7f94c80f78c27f0e11845518d0cb7084e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_EAB4AEE2EA70916CD4B93BC9BD3B283A
Filesize
471B

MD5
13948993c2c3c876ba4dd385df10d599

SHA1
4dd694a6b395c87adb465a65a308ab7cfcecd3a7

SHA256
b3afe19a93cdb988d4fc790a415c7dbfc260207ddf0f2251c2c162a2510e81c8

SHA512
c551ee8dd45e7dd85dc0594946a5d47ad16442ce3fd8a9e56fb04c2bbc80cacc030ed75aa69b004b90d5aa9089f839bfeed8e15fe5ba0ba7c37c6ee52c308696

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize
416B

MD5
c42022bfdb8d318c18153dbcc47c981f

SHA1
a1fbe9fa6325417fcebf2543abb82de6f72c411a

SHA256
23758d4c7c8b4b4fd36c9adf05949b3476d0fd37a1863e1f8faf22d69b62673c

SHA512
535b719f193058ae8cceadd0ef49db3ceccc8b631c0dc14d4564cfe2b2f66fce9768f1e7ef7d8a49040786e5b327ae988ac0e2dc5dfe92c811a5aeb5fbb2ef1a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231
Filesize
434B

MD5
da0b5ec61e8f44f052786c6f634dbb80

SHA1
f5ab9cac803c5bfbc8d7f48c0cc4e542e02ded81

SHA256
7fea802a41e89673a844a001d95a42fe6e1b22f8fb9dd7afadf6eea639ad7306

SHA512
c1183a6634321ebee41cfa30c7269cd3520bae01566b5152f846708622bceb3f8aa03f987a93116a56e935e94cb6f06575fa90566047d610738f3a3459e9d0f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
442B

MD5
4ff612238e00d533d3133a85eebf3930

SHA1
6e82e1e053b8604b15758e5635bb8ad4bf523195

SHA256
85f0c18ec987e87e561cb9be15bd80ba8602d2e017314efbf4d03bb34bac27ff

SHA512
7f81694f571f19b8215205748b35d75fbb71de81fca0b0e4e29bfaeab8fd87f3805fcd28822de3486bd228100f2d3447039af74c486f1158b95929c6964b88ab

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
412B

MD5
bc7abf469d1f1ae682634bd33282bb99

SHA1
1d4ecc167aa49ed6c9680b74fb279033c5dad44a

SHA256
c34567f7163090c947aaab9a6693f54628c49b11f139d4b00d8354d496a36bc0

SHA512
34f304563339d40811e3096afe3c176bf801856555ab02eac0bd8208713491bc396f5c32d46ddcbf5dc03781ac658e9d7ffbb4f9853210f8f0d11ad2422090c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize
442B

MD5
aaac2600bd4e50bd207205869743b4da

SHA1
c7ae0ff859bc3ef6055d87cad23e9c9f266dc69a

SHA256
3b9aa939cfafbfa5549ab5733a5c8cf8082ac80acb5aa29fb75fe2015d3a66b0

SHA512
5125e0d09f84c86affff9070b55c41f8ccf72822d1261990631d69a4084a58e359ad68e4dec6b453eacea59b9e1a979fcfdcdd498fe59dae74d07cb8ac7f4591

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
446B

MD5
b624466a3a05c2fcd3a19afb9d3d9d59

SHA1
ab5cb5a8ecc822f71d360006eb1566f0a143e12f

SHA256
26a80cea464b2e7695541cb97adbca86d4e2af166be9248d461bfcf8e01d1973

SHA512
07406c69f45fc3f560ce942d1a5864f3d42c3ad43e2c9a2a790df9f73072cec875bad51b3d22eacb96aee5b46f3948fa5eb601af171d2db5fd3425721cc8686f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B363E346B43755F918E68AC3AA10D686_6D5DC573178B0888E38E901B96F4F561
Filesize
556B

MD5
5500b2a5abfacec64ce6ed329eca30f8

SHA1
094f6f1c83d1571c94224dc6a43cfef324f88ed4

SHA256
6ab60bc90e3f40dbf3fc3fdfe7a72bff683bf9baa6a8a09259486d294db4a8e6

SHA512
60fdf88ee1db8945927fec0c16deadb4d0823ccfad9e5b983e325d1b8dae1dabe888b90c691023daee353b0c34baebb4a2eb15330a8b52e179ec0bbdb52adc64

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
628c7c2c04f61b21ca6ddde89eb46a6a

SHA1
af35dcbc32d069cacad6b5e8d90584939de27b3d

SHA256
675f97a8e7a510b0b9725155adac2916dc90f55fa378c88d7dde283b0b3e7dd2

SHA512
1736360cd2a1095bd45dd533d26c75c52718c0806909cee16e3e3b6faebca2d71779344e935d9d02f9b74dca17562ada77cf75da308868adb35156f2839f88c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_EAB4AEE2EA70916CD4B93BC9BD3B283A
Filesize
396B

MD5
1f9bd6d0a338ae189631870928942686

SHA1
fec937ccffef0f2023ad9c79ff9007024e23ca81

SHA256
53f1fc8f38ca0eff23fc0b9007bb7f010b2ce88626d82720161fa86bc961415d

SHA512
af8b57ed9d4177729d8489f9b81259e6f20cf09e6b7dd4260a39dfca8ea461936ba2874d2015030e4cf6b226470f90fb76d61e858b69020809788e025e458145

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09B1C725\ICSharpCode.SharpZipLib.dll
Filesize
203KB

MD5
0766a83a5d6e178d0f8a7d8b0563c20f

SHA1
7fe8db7a7adbe6f639602ce9859e61515fd67b07

SHA256
f4e1feb64f899b6646524197cb494d9d790b004ca38cc6072fc807da06642484

SHA512
165b2165affbdcfc7c6deae225157dddc91d7b21daffe2723c524c888a9ede61ea368c8c05fb7b203d42d2108ea723ceee5147d20bdd8b425a9485f59e80a01f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09B1C725\Interop.IWshRuntimeLibrary.dll
Filesize
55KB

MD5
a1e07dd8f2b1b4a657aa4cf0557e8b27

SHA1
ee60c8326377575307d60e0cd41f9888b09e5641

SHA256
06804abbb6e02e3f952d70e241b0c134c14f9b85e2a135eb45365b4b09aee827

SHA512
a9620a7ea0353d350cf2e0e0f6e62cc762b8173493d27bf85db3aefe5c422bfdb988f77aa38860be11e7dceefe46e240e85e26576d25b5871911ff1b96b8492c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09B1C725\QuickLaunchInstaller.exe
Filesize
2.3MB

MD5
71e9348e62590bcb48eda48f64d53a87

SHA1
2072f8a7d6c366b609a750ef5cccb6a6951c2c05

SHA256
43fad6ea36767808bc9460a6d9d28fe6f2f09b76e921bf458af8621d964a0725

SHA512
f38f8325869d079d919207b47f1c50fbf4311b038681f32f1cc16f6801b49a7780287e401b637982eb1c028e5659111c086a406a9069ca349631c12922ab4ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09B1C725\QuickLaunchInstaller.pdb
Filesize
843KB

MD5
b82ae91a3b5fec27fc7a2c761c0eea23

SHA1
357b339ebf989efe3ac86f7d86eab5d259449019

SHA256
f47eea6ff62f8c73c10d0ab02ca16eac66967f6e8d145694734e1bff6c17ce40

SHA512
0a29f62865c393b6a0f1e96c9136f39069ccd36464ebb22a36dbfe50e45da5c957d7b1703d5bbd8cea2f6d7e073eb4ca15f718a4d4b1d9096d230dd0c1cb6097

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\Resources\AirfindSearch.json
Filesize
434B

MD5
e03c4f0bed8f90ea41cabf99b56764cd

SHA1
cd726a806dcf0d5bd9086d7f189223ccb8cb5837

SHA256
bc7d956b51de482b14c96062b5558f432a6810ef6b5f518f1c3133307f126223

SHA512
b57ff6d63c0544bec40c8c3bb32fea626d22679a9e918bc83481689f8fe87f10fb839e7bf2fa0520399faf117871d2b84349e47820670eef4701e347ff4618c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\Resources\BingSearch.json
Filesize
355B

MD5
c66015311fe62bb123017cac51e5479f

SHA1
183b75544e7529da0c23945c2fd780fc7c52fc0b

SHA256
36e4a1d5db811e1d446e51e6a61ef7776228bd20c3404e7e04cfa9f65e2ac7e2

SHA512
52a0a329b20f80a1218253d49871923c3a4f51bc3bc98c6a5b0872e8d1619ed65313457f2bee67b39df7053822247ba1689a3728e4728e65f382fe21b420c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\Resources\DefaultSearchEngine.xml
Filesize
412B

MD5
43d4f6795ec06a19ddf246ec5d4acab4

SHA1
cc40a728bc8f5722f76348c937189a244f339279

SHA256
d50266364edcd9e65d2d93f4c20d0a3d8391445a295703388ed867b8375c1c35

SHA512
4bfe46b0a52ae76366c704b432b4d28d63e5e856275393492792e8f1c240afcc945ba99cb328255180d2cac918d7d5b92434d1ed612eb61875b30bd3679e8fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\Resources\GoogleSearch.json
Filesize
375B

MD5
23086bc1b44c760d68fe509c74462287

SHA1
11e1ce261f02f3bad768ea9378c132bbc79961a9

SHA256
94a848d9af40b394cf25268a946bf9b6058c87525a2831786b6fb7c9eef4dbf6

SHA512
e32ee98f6716d2f4de578d987834d688acb76c34fe01d87674c5cbece02f9b15643cf0e7cd63d1f1502df8b4f365ffb494b63cda0a7cbb6f0bdd3526aefd719c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\Resources\PdfUiConfig.txt
Filesize
7KB

MD5
5657e7b56bb1d7bef584ad375548824d

SHA1
3dd8c66d18c12ec9dde87c487d1f938b08b4f856

SHA256
8460ad0ec110570453e657572f8f1f5e95c6d7e6cb6560622b3c504fceabf5d8

SHA512
266c22afeab829c293abe4067f8494d5a5d1a5cc9bbf3920cd50cee9b28ec14c7b03c3a69c957d29ad211e60a4630626d410c82be090eb1670ce44eabd4edca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\Resources\SecureSearch.json
Filesize
343B

MD5
081d0122b6430e54347a8700143558a7

SHA1
c757014ee01d1d297f1bb50e48510314640cb8c0

SHA256
e70ebc2d3a965b7a89a35275122d332dd4d8925785eb21dc027574db8f7ba252

SHA512
ac6f0737293dba85759cd1b6c1138d248327cd0f3dabdf4acae659163f88d03804d2a5a83843677627f076710b554638d1067093702815be6ec10943697295a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\Resources\UiConfig.txt
Filesize
60KB

MD5
02c290c3d27350627ca859c595952cf0

SHA1
85d4d3ff0edfe33961aa4fb78bbf99a527d632be

SHA256
497aa2c432a34db955a79ad05f8c61a3fe7eed81dd4eaa00f1f237a407bf7231

SHA512
007ca7cdd6f967b1d84b2c823c434ab6a0ab9372a9eef4a8db9e3930e3166247dc96be79f3abea4878a3d2cd56e422e5e025103d9446d1650a005406b1392bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\Resources\Yahoo.json
Filesize
217B

MD5
189015ea3534b1b82e9a965a4efbec53

SHA1
052753902de2f6b1fbc9139e6266c7efad58671d

SHA256
7a548e5abf06a38d793125ac03faabea9127a3282ae75efcf60b880dd6324739

SHA512
a102fa88664f1c0e248ebd1326509679dfce887abed4d0bdb7b7b6bf4305a37358d37199784cf808aa9148ee49d4eafc00ac20e4fd0d634a9b30f8fafed04f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4F5FC9A4\Resources\master_preferences.txt
Filesize
156B

MD5
8b0a2937544145f266545a9a8d4fec62

SHA1
037311ab08804a37609d993dbe3d63e9b02f0e4a

SHA256
129fbb28a0e8f735ea8d8c676f2ffda5a683152b7103f9409c5b854f230e1bd2

SHA512
0ee42edd2f314da439b6afcba711a3bd383035ed901374e08a61b684291cfebcf4eb3d92ff012bed4753888081204601f779a814f1d89953e464fed0d6c88071

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFIA3A3.tmp.html
Filesize
16KB

MD5
caa06a9768ed55f278ee09c218f48003

SHA1
4ed47c5e784d73723d4ed0007a33ff681d9b14a0

SHA256
21e6689dcca1b1be0601d7e28a2102eb1c45dc7f67df38cc8bc9297d3b4fdcbf

SHA512
5cf8b755bef051f4023a8f23f9869d5a07865ce8d4951bbcad4c878b04aa2fe701bcc7d517ce49ff0ea211dae797340bdd69e22894df323fc0816058207884f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\003ec582b51c5652f939a4d77aeeb069
Filesize
9KB

MD5
389de15b6344f6efe454d57c859fbb44

SHA1
d49038a9a62965305cd3156b72517ef6b4918620

SHA256
7e6991d457620a69b5cf30e6624375d9eba3fc0e58daa5e78410b00bc4267930

SHA512
5c174b5cf1beecf71af4280998397235e42016d4309a13c3cc922a620dcd28a5b4b2f30c1b8036f42ab89b59d9f541215fbc5b377405b2acbdf7e9405ec58229

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\02b62e3ea52cb7402fa603e1decf835e
Filesize
7KB

MD5
e6bf82600a39a2b81e08aeefd3ad2543

SHA1
1acc3c219ce685ef481d8b97ba2578b7de422127

SHA256
f2a92d48c6b3a0c958b0afd1d2de0702633d2b06b4769d863d9356563c7cc1b7

SHA512
0025cce2c79e0a6f4be1e46b99c3eae1c1b95da68d65d99a2c82303d549a5606cde76dc6d3bdff704e168894e90f3f388eabf9250b96bfc54b4c000bd5723ead

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\054a9c02bc9f5bcfaa3822b98173e7b6
Filesize
15KB

MD5
7c07c1648f3e92a32e06d326acdb812a

SHA1
e7fc10d82c08409c977ea5a3537a2c874044f6fd

SHA256
29441fc87e00df799090c1cec6ac7ef978f329364d8b4e3d5f2e2c421c26d1c8

SHA512
f9787d5d367a343699987253797d63361368b6e86da5cd1b2d83fe977e19d89df00e6e88bf67b7b27ed63a02278e210b7680c41d9f9c11f60b2e4e1daaac2834

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0b04793edb5af4c8c25b04cb979f6557
Filesize
7KB

MD5
5597b62fd484d8a5ced6f380ffc58d59

SHA1
c0ea392dd5a4d4aaba72ed08bf558401a1ce879c

SHA256
7bcb5249020e7b1f5ccf4909adb45e84fc1d0498b7c1fddb1f1e5d1ec1aa43ba

SHA512
b9403785a3e8fa5aacdb1fd22eae8860fdb3e63d6fe36281265b626802cb9f74532960ede1aa7c876e8cad8b996f20801707c007fe35a93998c546385f07c7a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0fb84c0238189de8bb970ccb321e9677
Filesize
16KB

MD5
8a09a5a827aea77a7c963e53a6946b50

SHA1
b7e116f04a8ba7427725f780979364a7e156d9ee

SHA256
932292bc97e080fac76e1cf07fb34f13f41ae1ce51441533394141ab79d28626

SHA512
9c77f8fb57890528bfd597b09ef604f480d1a8b5ff45c3373a0b7a7e61eb170ee17b405f32f06a11769116dcbc0197f3f8dfffa081077151b2b2cb554e458ed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\11fb46fbc2d237cd07f632174f2cf66c
Filesize
19KB

MD5
a191a1565646ac4834be9e69d41af24f

SHA1
4fd6373d2bbaab95b009a22b41b09f2a7707bfe5

SHA256
2db81672928ab203924b4d2599715e2794c6ca4f87170cd887ee7aae6d5fa77c

SHA512
b8ed6b6f43bce72b64012de906718e8201ec155aebee557801f93a824bd1c49091e212e29a083c20f7dad62dd0b84af45ca540e0092690f33b753f7505cfa10f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\188623d3f157a99379c9b1d937d4aaf4
Filesize
12KB

MD5
e3c410f7fb052fce3ce6d3fa978dfa93

SHA1
469f3372e900159f6838da6a400cd8d0c8bc4749

SHA256
38307f02591605b962182e68c119483977acfec8abd2f5d6f51a132344acdee1

SHA512
1e2c62b5a2740206329780911a85109f653bfeef2aebabd16026605699eca7c9ac8fab9beb3b410273cb32fa21e49093929558eb56d3a5a0fc6a00c35533b2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1a3a17fb84a07eb610e4e2863da8052c
Filesize
7KB

MD5
bc6c16ac12bc459e26bdc75a7a4e342c

SHA1
3a32533279d0a4e408b679b6738f74210fb38dd9

SHA256
48a8853bd58ec12927d2de52c0a198eebc3c6687b356100ad345cb33cfa8c57f

SHA512
c3b56556c2437309bd06c3aa05a4d7b1419cd583bde0d0ec0e8fe6250099e52503795e424242cf5518963a5df9b65a9e54a3d86788f9b484f7ce52180023a651

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1ba185282f37465114636f04b6e90678
Filesize
35KB

MD5
e6285d57de7273c5b071a85676fa4a60

SHA1
c81c12d5ffb9f4599d9196ac262e1744dd26dcf3

SHA256
ea2e09ffae59c661c54daa4c4752e7c7e031b38fd50a4066e8edff113e0a661c

SHA512
5d9d87f92c0d7345351e44ce19536d09b895cba44e29e96d67f6e5fd91b0e3bdb21b5e15ef7453cd3fb0c70f2b2b13792587994aa8e4678f5a81e8a5d81c5118

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\24c3d98cfed0a4ca6a37b1f269230b59
Filesize
11KB

MD5
50b4e7105e2bef0853c2939dd4e38fb1

SHA1
95b1cac11ead948a9a0db7cc840f054764b59cf6

SHA256
83e4f9ab94cdae2d02df3b44ed7f29c1dd939b6144ad02cfa3dbb45e43940a24

SHA512
312d99404241d226449b6d5e4bf79c069658b09e5c618e6d29f8d4ac076ded458ecefb078434b0609c42d63c6127a8a136adbd34f7680a8cf091e12690598b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\26e34a7ba47298d3455e373c84228567
Filesize
92KB

MD5
e20f62f5617905dd4ba386be6e5eff39

SHA1
b49e3ac1b349473f3e1796d53d02d31193a3e529

SHA256
d40f5ed444ad9033733b15c912b154932251ffb2d826093ad21afc45a3aa89a0

SHA512
39f8cc54366f24c48711d459ec6fc5599fee6b33d7d78ff6807cb98c91f3b2dc5afe251228443f7392081386655476fe66c259ef3fcd1b30a6a66f29dfbf560c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2943567ab757b091202f09bf2ee70ab7
Filesize
34KB

MD5
43633db031f111f20653e200989f1425

SHA1
bccca7daedd52d59e61a593036a82aa4088b7103

SHA256
5d4af1f63585a9cd941b9abd9a85cff3e07ecbbd83b6902e7f0bd5e7a9e4fb57

SHA512
3e951dae7056cd42d83299fc72a6aa91a2b7dd05460acc555b16ec03ffe406ef316106812ff4b76c8aec91133c0cd682c4a69255ca335ad60659a4201c6d74e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2d303b6b7ae82a2ac45cd19175199391
Filesize
7KB

MD5
be3ca8ebccdc5b2041ddd5fe4feb745c

SHA1
8b80401872995111d1e65dec68a6dc5d2b3610bd

SHA256
e8e36350f9e5ea82001b8512ceffc2a424919c59c7beae4cd5e06a96a4958ca6

SHA512
563025f35fc9d98d04526ae92a5961b9758934c02d72101da299107056b878e5a0ec920fe57a8cf69ebbd50947e625881f95626c613bfe6f32e049e5acd4a341

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2d31d184218e698dd7763448e47b2596
Filesize
6KB

MD5
2d91b1a3b892a86e629fefdbc31163cb

SHA1
b85d96fde2c07b784fff26b3c374c40eed8bcaaf

SHA256
aed0f1322cf8d9ef73bdbf8acd05036b46a80a6d8f86a8940bb425a9c0e43806

SHA512
e6c07e2e14a993498fcbb83659382c5d5f27f6b67fbd884de0f443736e78646e5341e86b12bef2e62d4ac8e3aa4a20e3dcedcc67aa3aa4f9f707a872e61f3d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2e31c39ce372830bfbb7bbe3e97e2aa6
Filesize
91B

MD5
ea8cdc2791ff6e584926cff428902f8e

SHA1
e730e1069a1120e7af65482edef9ac3e3b20548a

SHA256
b4f6b1b22125b2ad7d6c379fe00cd653c6bd7cbbd54415fab44b395afa60d503

SHA512
37230916ad5b0fc1e6d2353cb8ab3a230d634edf9cc2f97376abe76fa6721e3bfaaf7e6e7176eab332eb8f78ee9593f993e5946903ddc2aa33dfde8204dd28d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2eff16d61983870fa27d9a58a2df6b2d
Filesize
16KB

MD5
176d7824c47ae3d383815e89ddd8bfc9

SHA1
6453cc747d6b6ba689005430d2531f2317daf709

SHA256
f30849efd3a64e6b24abe430e86573d6999ec99c6bad31dd132043f2dd4169c6

SHA512
8dfb25ba87bd158f1b58ad125de33f4294c79c6e715e74024cc5b74f561f2460084cea156be8532eefd90e5ace24e275ac132b62e62b8f0ac724b25f8f5f4243

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\2f4ebb2d9094e8406de7ab1101c215f7
Filesize
7KB

MD5
567f86a2ff9e4acbc45d8a9253995f60

SHA1
96a3e54efd304e081446c3f5694397ba254cded0

SHA256
775cc5643168b33370ced790fd7ba58c01d8bf263f0c60da33d5a2ea0912b6c5

SHA512
0f1d835a19011fefd4d9b013c6b55d030e66ec397b726ac6a31a0015f1f6f16589e164aae5d58b276cd6f48fef63df7eda86453963f09312fa78ed1959ffcf5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\300edce19825cfef2d51a23328b3ea47
Filesize
39KB

MD5
e423fac437a2aa6c3b4d7bf4e9482846

SHA1
d22ec5de900c46a0336752433d64a40b5af1c151

SHA256
37af028fa52d56207a34eb9cfc50d26f6fde71f09fdb51441c61b03e87ea5d42

SHA512
4c10019c2c81ba5898103d2b989a0833445ea4c5ce39ca50affa98c66549284541c57a8bdbe34469d85d46f28e5d06316121cf604140af369ace1e3d83ef2088

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\347d538e5cb705b7abecdf2138044486
Filesize
6KB

MD5
1cabc872337f1f8810b279dd85c02cc6

SHA1
7b90e87b08299437607c20874dd90f95c4e50be6

SHA256
1eff7e2c6976e914a3f5e5fe59a7910431e3f55284f9c2c463b2e7f582f08e90

SHA512
83b583b90d2ae7b55319bcf7892b391d08dce74bade45ff1ed605a374da0ae4b627657146216b305d590aca01304cb82c93017c800b44a06c109a26cfa54b406

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\3508ef407ddcceb114bb7c88659f6163
Filesize
6KB

MD5
3f852425f9341e80f440633024a1aa02

SHA1
cb4d6d74f5ca202cf3edfcc5b2a5e163a201c3d7

SHA256
02d03d3c038e042e7bcd62b179957b6e4dd3f97dcaabcdb4f58482b32a0166fe

SHA512
170cb1a0e97b5749d8d1aaa46c3b02450deb886446c156bd4223bcee1b35464f76340a9e5f8246bde7ba56e06273d280ec0d59dcdede579e2c74bd3042abb02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\361fda6a105e5903bc2d726208b82415
Filesize
91B

MD5
2337a4cf7a6c82e88c6f418d64a33738

SHA1
7f75edc84054ed13fae9f7a2df42eb176d0772bd

SHA256
e16e3335f29a4dbc5f8e3dbae030e24befd67ef570ec459e53d699d2366271a4

SHA512
e76925dbc46475998208eb82c020ab3b34bb13b8e41320aa609c09a8796fb799e288e2cc5b702c6e46a06e282012b175e8b0a16d61bd1567ab0dc603d9ac3fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\36607c2a0cd5acd3c357be1ae6ac02bc
Filesize
14KB

MD5
a617b30a43c8ab7a88ad54a502776831

SHA1
9210c28787dae737a973ab87704fa5694044a5fd

SHA256
d2ee90515ef0432db913fc9dccaed6ec220a315fa58beba65af01d6d21d435f1

SHA512
50a4bc75c229480df1a01937c5e95daa6a396758ef34ec14f82358c3126e83a74bb64b0dcda96d4fc10422a6076c71e4e7b675bbaca54c910873a8553fb3b80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\37eb46e57551ed093e44a0800221b75d
Filesize
7KB

MD5
0d3603624b292ce40e4a8f3e19c922d3

SHA1
c94602c79496cf3b526d5dd44fd829966a86a48f

SHA256
72e7580b03e72bd19acb036b0428d9e35746ce89fba919085c5a295cde10ccd1

SHA512
49ca21f102e89da3fb7a22ffdeec8f6e6862eba97f37da58b6d88906c57530b5dc016e274912fd3052264bf9016426def1ca60d388b28b46c3415435caf27a08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\38c95dc46b56631fab7e87223d20edd1
Filesize
20KB

MD5
4cd5d42a57629bcef8e04845255c88b5

SHA1
9f27b5ebfd596ff0deb0b5dcd63c0b5b966d4d23

SHA256
a5388ecd80fba0181c97da5d439d0220bfa136eeda9a3165ae457740b451a926

SHA512
6ae8e0b01735d95983d21c5237be2b8d301c97e2d2d8b564b30823ff45c37fc4e8134509e5a12aff5f46bd72f13d35465dc7f44322c2826ff70a5f12d45b8c0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\3df068879bb2e72f1fc2c3a3f4173d98
Filesize
8KB

MD5
c8d13921b44d6778e68323f205aa9e06

SHA1
c8e2994c977084578c90d53c42eb9815f5992cff

SHA256
830a32c986d7eddf34fd566ef92c958121a767f2c16a446ddd8b9b500c4f55dd

SHA512
ee8b896b062c41d22d8af5ab8108c666a9e41963b6744960573d005d74c11d0e5259209183ffaa2d608ed6e2bb66df3f4dd77be4cb4280aef86e65d2dde655b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\419ff0bbafa99fb5f1a9d5ec4d51d313
Filesize
91B

MD5
7342a963fbe8b3a5bce98391f7c91497

SHA1
d937946afb025eb344dac220aa2d8d3494c759af

SHA256
3306f048a000d6a897405f05abfd4c6ea181af54c1b77f6db995e8e00a7a17cd

SHA512
fbf1bc5dd2e4dd9a4bda60309ad0a9d891b60f5666d003af712028b28e740f060d6d745f1d33fbd8db95f0d6d8b4f1ba18a8c9622bf52fba1d14f2299ddc4053

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\42179527e887a96823e359311c6c56f9
Filesize
18KB

MD5
99b7822f04fb2cfbf955f1c725228dc9

SHA1
aa2c6cb3371659aad1e2645d7fba0daa9ea9a899

SHA256
6506a257086771561930d47452612727c132751de170135f246954aed761c73c

SHA512
76934b83ed0ed613c0a462b083ccbbb677b1454f1866d048b94246fe068f9623d6a8b0c0765f89119c1fa579a73909326797de32b64a401eda0fdd53ef397913

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\48e571b5d6e00dc424dff0a7bea58ba1
Filesize
19KB

MD5
05e8edb47cf2a9cd579ed5af0aec0c3b

SHA1
4a3acd385078020a2a296235e07c963dcca93ebb

SHA256
bd6f55e42c463d9c5785b90777ddbe1c8118b9d32e47c5e0e3d4143bc18c87f0

SHA512
17c3512a9e147c8935ff7ebf63dcd6d77db2e0b64d936e2173d8a86f499a0d181e5d133b53854cd04c2c501ed6a7fc97361354b0784e8cf359314fb8807fcac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\4bbff96f1d933183f2cf7b91ff95c711
Filesize
91B

MD5
9623f3f9eb65e4c6cefe0f9e3882c274

SHA1
38681520ec67624997f4c90aad014c6256dc6fc9

SHA256
067fe440185e3451a995c44b0af912b8448263574b9a69a7d395937333df445c

SHA512
66ecf1cd2d2efbceb938a259df588831fc3cbf2944c230cde634c82858bc867418090efeafeba20e73eb38e51680d7f19391b30010a28b2be9672b351077a80d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5014499866793b5b869b76010d340851
Filesize
30KB

MD5
6c5ff733563f03d9912131e4de6eb37e

SHA1
65c8f169db60a4b2ef0e01acafa0ae9a17fc437f

SHA256
e01685449207a7806ed90e7eb8e63fff021cb8cddb0c9518e0ecafa824871fcd

SHA512
904794fb259c90f98a276a06a66d74a4165ecec74b3f081750b1c68edcb40bd732900599e5a4b718b3569327001d25c5b0885e0da34b364b355625272de4a2b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\577d9dd0094990e5bfe49daeab043fd4
Filesize
11KB

MD5
ed35842bf773f6de9afef734afaed9a5

SHA1
eab5dd747b773dcb70cdf62682ea67aafe957da9

SHA256
cfa8e9db9f660abccb35361c0f4f747c6fcf6d0102f689dddc88201e918dc383

SHA512
0f525b7f8851e1f75c440ca7f8b2d9299651b0242c56951c9113ab958dad6bf0205221476a191178e46a7a741103d1a3ef59b5945cdf4321c42fd6a829a0d783

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\59b928c4023658e050dd6f4c90db95ab
Filesize
92KB

MD5
169b8a3f43b7a0f731e2e434b8e9f789

SHA1
ebd594917322bb8ae1e86086324189a1190b90c2

SHA256
0cd09b1fa14271684846f7e37a60572755c3b4df4e0f1f0c863828ce2828bd02

SHA512
a392bf69a1c4be50d9135d76a890806d5389d00262449ba26f5d8d23390342651d93d782520dd7640947b6baca8e3c75a0967ca29836c598faf5b30331bc948d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5f8ce8372cbe6be358fb833c84ef7225
Filesize
24KB

MD5
57ebedb281623689b35e6c1abe7b8af7

SHA1
fdaffe885172a95169d608fe4eed59399bcf1519

SHA256
997e73f702c4929d96196f1bd73af057b455bbe14cc01617d8a42afb4232da46

SHA512
15cdfa4a42d31ca6afedc457fc835b4be5874db8146ebd2769f13ea4d84e5693cdcb14d4ca2b8c9b4e7134aebe496f85cc236f31f286ee1e53e385c365ff0c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\5f9f9461b77ab2553f3b34be9513e8f2
Filesize
54KB

MD5
f00b9198df228c6bae047fcbe2bcf70d

SHA1
716d5446e00bee5988090d0a1593bfe8619691d8

SHA256
a58e2920f350e261e3454968b571c386a07159abe0ca2dd511cf1c597da513f9

SHA512
1ebd39c7f32ed2e1e0c519c099dbfd97ade332564dd681d5476cee5967235aa8857a62ce4f873d516d7e0921bc39f1d60f44e3ef58f9b635b1f519f9433ffe0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\600c4ba4a8c2c0949ab6684052019610
Filesize
36KB

MD5
7876e60b7060de1ed3a848e7790b1360

SHA1
5368eecc01a7f37e84e3f74dfccf727aa40fb295

SHA256
ba3859e8a7ea5793a6c9dbc54072528e341b1be0358641474e83c72696d02446

SHA512
8f4f8340bad75b3b79eba0039a998d8fffab4b11b9fb6b1f582cfac0a8418c8dccabd4c5718290e3e5629024da491d66751c1785a23ce345e47718441df13e77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\62efc562f1f79fdd869f3c5cd31019cf
Filesize
96KB

MD5
4729ede0dedae886a07ca40fd36994f8

SHA1
d0223ca2342bc2bd54264e1e3a3ff3a62adb8008

SHA256
a1da68cd9116ad4ceff594954c17723f81fdf4d9fc2df0c243942a8dfaac5dc5

SHA512
4f03f2bdbf7b56408efe97fefdbe6caf9bdc7c969f4feadadd444ee86438712a1bb1eb1ce9394ffec17610da8b8d5a0270808fbd44f37b537cf8ed996c2caec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\64c2056d2d1ab70a68b33840f2029409
Filesize
6KB

MD5
115479d5c3554cbc1cdde96b128e1ab0

SHA1
49755db7fe36daa6b004c8052372b1acea7efbc7

SHA256
59148d25260e9abbfecdf39b2be30a8ac829414db43ebdfc4b9846f8ecf3e233

SHA512
0c21fbfba33215256c465278fa63918e6fd04cb07ad91704ab90f069fecf846b9a4625bd5ba2dfdcddfec982d5c049a2b399e41afedaa2f34f5a15664b032b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\64cbf3274d9efb56a380fe5bf14f3574
Filesize
7KB

MD5
7c668122d62bcb6d67c53acab77da058

SHA1
30a605311a7ee918ab6a3ddaafff4f4da14b8dba

SHA256
2318a66a0640951f6591996885157dfff7da3c36db0dbcaf81389214ca32f333

SHA512
142a26123ab830c8fb4e7b533f25498481a24a77a41abab9f90c49bff075dfb9789ea88d51a8bfc1fa7d9971d8080303e8270436a64a1ef783fe4aebf8bd1721

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\65d278d7330de354cd31009556c8b76e
Filesize
8KB

MD5
d8bcf4a1b2ed74d3e258f3630b2c4719

SHA1
2d756211761916c7c8bc7b7b7fb7df8012abfc64

SHA256
f4c5054deacaacb9d5693fc69f328566b5df29f3ebd6c87c2d0a1541a1f90dbe

SHA512
fe68e02f89d692e3a61d9650388cf1bd0a581497d4bd84fdfcb5a0b23fe1ea15a321a99d39458dc97f6865db2ea0e1d50e620600af277711e39aa8a6ca7b0949

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6938709a36fcd190513fab78095ea937
Filesize
36KB

MD5
3ef4a2d1436371fba37f863084f61ba9

SHA1
149ba6257be55ffa708efad437dc6d989fdf4909

SHA256
a58591bb1d2ea03af64e64d11caf5a0e1f3124df83bbefb73f30df44d6be6fd9

SHA512
49ccbd13ff71bd1b3001060ad73833fe20ee02ea2b7f6c8fb008b00996d4788595873e6287ded432b8c1104635dc9cf2eee6f11790cbf08895207725759f2de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\69de9369e0efa22340ee8e9e1206bd60
Filesize
26KB

MD5
3268b6131449daf1222f65f32923297b

SHA1
132b1989ad6206e02c174b57adfaa47beff002cd

SHA256
47ae2933d19d2d84d8112c52c6e85c8303eacf05c317af572e40b0d78910eec7

SHA512
afe43725073ac96a363be10fd92bec97f91808c3995d4c5cc050b31febb90474b7b32682a801ebc630aae163d3e767b4c8365e852faf443c949a76c0c86c5bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7132bfd969ed3ba4d3ff785983ca211e
Filesize
8KB

MD5
038cbe4f13fe15ab714635a13009bc8b

SHA1
af331d42c222f9b8c8beede396c951c359230e15

SHA256
5d17f3760e74d582adabde054a154530126b84d65784f254297c27e959e85529

SHA512
e4a0e49cd3b510b1a8be7c6df981b01a8fdb046cd5afd00dfc02b93694ce2dbd247feeac2513ebe3e98040560694127a038847350b24551124c778bff2da8d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\71f9f3d606862ba281eb6be2170d997a
Filesize
16KB

MD5
ffc7deeea9d66fff51272042b3159791

SHA1
78115863b5cac9a6dc98c324993407ed27199040

SHA256
342030919f62e450487fc523f3e0b2e99a7da4574b041cd951800c1f914fd553

SHA512
1363065c81dde59ef1e10b1e821b5f501fdfc410c9bcff287ef700c6d4e46b7dc1d4635b9bbba21d2545ad1d6194b4567bde85d510428a9eb5823c4d15ce1e74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\741e26524cf85e893b383c5b1bb72a65
Filesize
7KB

MD5
453023c4978d561563a5ed122661b3f7

SHA1
d945a29e67041c4dc8958a77da401e3a8b6b2b6e

SHA256
13a639beae27ed6d1585410726a70a71ff29f76fa16ac453851247cf53f35d9c

SHA512
f99a1d7188295a5ae2d1f14bc8d34df1dbe25a2b4c861126449aa0cd02c5d502f1fb0ed3b263b2b2c03bcb22cc71b1565055341fef39bd741e53f48161e31b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\750413d60e316ed0325db6bb77574995
Filesize
7KB

MD5
08e30d3c3422cbebc5c216c2565f03f8

SHA1
83f5c58cceadd84359799d5c94cd0d2da96b5e29

SHA256
9428bc0dfc699467e78f665a2677342de2aa40ffea13c6d02dc981b8bd142629

SHA512
ac8bf84d05c8084299fcdbdb4a36a8274ab9eff9e23ca9d2db3f4aca3aafba78a8789df4ec03cdfae675bbbbe268ce995c7c949420d6ea4ee8f091799fed709d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\762649f22776ca186c83d4813232e7b5
Filesize
25KB

MD5
b602d5f9ea094b0c554b5017aa27cc9f

SHA1
fc7e3a56c5d5e61c7f3c0bd1b673a8e6b6a3a68b

SHA256
414b0c00d29c4db94c4583d9e4b99264be4195d585ba75e296833477c0ed94c5

SHA512
ac966917ab3e0b554d803b8a4cdc9a0d8ffd37d0cbf52b1aa34bcc6199c0ab0ebed0d598b8d7f19934ea31d0734f7ede024f13e6908799930572d09254337ceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7afdf43551d0a7b4f7c8f723b756b0dd
Filesize
6KB

MD5
8e06d91fe1b474c1e4f2578fa0793bcb

SHA1
d1fc48e00f271175f5b8a54335157b290db6fe5c

SHA256
3761284e16d5226b92502e0cdf041fd24e4db3d7865c18b590f074d582a2adab

SHA512
67ff8a3d1187389c318110aacb5eb160b9e815a8e8a63a0a0ed0a54c35b711fe2deaded8fd0b54149842ea6f088f22013ef9da8d94abc2854398268c1f577e2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\812956691db9dd34101b5bcbb6a2a399
Filesize
180KB

MD5
75fc693f9702f4878358711d9ccdb7ff

SHA1
17cfdb2460459389483248ca74d0ed111f5de078

SHA256
dc1069f8dc53ceaefec00613b0ac2a4728edab41087f1776e4ab0fe0337b47a9

SHA512
401ec5d89720b34478e296537772d324edb2dd72a3cded527baf4d10515a1a1fc2d438f2928d911713b185f432ecd3b72ba30f8579dc4cf94bb0e71e743969bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\852ac1b46757911bcd94ce3ecb182ec3
Filesize
25KB

MD5
d5cd888ffc2546d29c2fd7c60d76e940

SHA1
c6130c491331e0ec84ff2ed0a18ef9bdd01b886f

SHA256
53f103d6065af7284b40d575836d1fa62cc31195c59439d8a25fcb4d3f9cffc5

SHA512
109d8cce270d32a628f547add7bb9dd5661b2b7cccb77394a376753ea7bb581bb07a34912a7ebdc2982ef3dde1f2ec5b21f9d43654614e2ea60545a640c998e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\854236aba10345337ca10266601a14e4
Filesize
7KB

MD5
cfe4656674863a40449c9f8a6af13a4c

SHA1
5657ee27cdb599bb139956fe81b7c61ac03d111b

SHA256
d5fab2cc0a307917df21e865630d97d06f641973db8be21b8fe7dd76873ca4f7

SHA512
41b04e3368463cf6aaf37a06321f109dab6f4daff093bef2619ddd91b9b72ff58b5f92060ff128c1aec22b4b815ad8399f6757f830e111a1aea0768eb5dc9044

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\861816faee535458ea425f566b92bcb7
Filesize
17KB

MD5
4dfd1135c2e7c86b91dd9c7d6cc99aa3

SHA1
56022dc7e848fed089afba9503ecb1f59c79527d

SHA256
64f5694fd66e1bca706a8917d4e64371a5f5436d7e682f2079288ea786776c1c

SHA512
d8b429305f3e78e10e32024e5040adf998544d94230f2d3eca82f551c121b7ba5fb42ddaaa91db4d99c3ceb632466b2d6fb6d35223d8592fdc27734c13ab686a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8911a58af22eb2c112e235ea7205cd8a
Filesize
7KB

MD5
c00e04e2c1d60c93a88bb5e846f881cb

SHA1
6da004754a919a7a5399a27782aa5e3189eae17c

SHA256
dca215da4b5c248d50f173d2e75c964b4c2d7049193ff3378033c146c1da44e7

SHA512
12c4cc2b8ca1df2eb90c59d096198ca3a7dca23e1d95474bc8f9dc549e8f931174e8e6295bd13425bc046d598b6547efbff3db91b6b147d6bda7de57896749e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8e0a733e649042b3ce2a44eebb5145d5
Filesize
7KB

MD5
214e99d33c612cfde0a0b6d1ce7a28e3

SHA1
fff96e9da6950f4e26a124c6e4ddd8191cbe5711

SHA256
a558e6afa54aba74b9a2e538a8ad886b857e973054acad060c696a51fa988035

SHA512
a6792a0abf60975c39c799dce692dfa86d9d99ff8e9cade76703e6e18a7c1e75457aa425c239f373eb9afeb64234590159a8047caa8e30f86047921efa9d6c61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\90c479d5a674e06b8b5c4d043bc65cd8
Filesize
16KB

MD5
ed43412eef7b9063910d924a62deb317

SHA1
218fb7d0e797bafabea1e13588d2f4ccc7e38c09

SHA256
8453979951cf5edcd2b870979f738c465dd7f444189362e2002c3e5ce08f59b2

SHA512
a513f918ffd0dd4c4720f190245d83e1ac1c1f6d5f66575a60b68cffe35b07c8c8cca4206ec6fa37a5eac85e180885b67b785885886361e89173b19db4311251

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\91acb4d9204fe452fda475abf5c3a0d3
Filesize
13KB

MD5
1b4a3ff1c1ae1e6e0ffd2828ceeb73b0

SHA1
f9c57c6f4b1939fca4344276c327254d3f009cba

SHA256
cdfed3513d958fb004972b3a9c970f46ea9f1ec2673be001900adf40c96351ba

SHA512
2007b4829417a11e0b35e03c1cb021966639bbee8ef09a1662f801d3710030e43cbfcec8a19ec42578f0a81650dd514334db9e205031f8f5834752baf11019fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\92bbd30aa64a124932df526431acfc02
Filesize
8KB

MD5
f9e2b0ad8962d5439751f52081575bc3

SHA1
39b670b221b1a41d14afca69002ae115532f1e27

SHA256
3cc542090780b38da7d47db20b376284f1cc621f109a9e9b6b5c4c9a45a300df

SHA512
146a1bda36aa60649a3c397b3be8f125bf60ef57d1c41d8f52156f6af57ff3e71cfd312f359f4fb7374e7023bc6e8f8bdce217ede76fd0c9d700ae5596e11036

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\977f695c4c86a7e640c8ab8d02d3467d
Filesize
7KB

MD5
51f043291c01e95f314271042f5875f0

SHA1
ee762fb31579143de4f779e365862cfc17dc361a

SHA256
6f487507cb2ec407d43e46af1d59a99d4e9b03a622920bd37b4de8442c08c476

SHA512
97cd325f709cc1faf28e1f674f426390577319d3fade4690f2ac1bf84e2516caa81e7ac4784a4ada5a1a9ae58ade78d8d80124ead18895da209e19548cf925fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\9b7418471314e1bbe9855424cb199542
Filesize
8KB

MD5
96f6ae9d3cdff36bfcdfea6f20b52c5b

SHA1
b6213b7658d9402507acb394e09189932b0bcf4f

SHA256
ad2c5239846ffaad212ff43518f4a4a2f93a2c9aa69f16d4f94cbcb26ab9d273

SHA512
95ba70a395810dff47096a9cddd194da495b90f04fa1d8ec357e267cf304e1e45a0e56d5db3c615260109fde23aca8271ef62a674d7e84eee0ac8880d9429816

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\9ca9472829624d8f539ba96916939221
Filesize
30KB

MD5
31da74ec8d248b7cb1ad129c2ca079d1

SHA1
af45cb9d571eb8230ed8897d92dbbb168ef01ea7

SHA256
9b88aa9faf5d66fc39be9958ee64d5a77293c44f2913098ce2801ac409c23b02

SHA512
9ce6fa0a12f95952e15daaaa94e91ff0455b7d105e6c10f7d50e9d9f7f960422b4536438e2c986a84d06d46859927e0f4e1bc2899e65f67d37c4d298fc6ce803

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\9e0e340b75f875c2a4d8bc934b462e9a
Filesize
91B

MD5
86e874e2cae806296f8f9fd49c75fdbf

SHA1
e399955316901f34b477a19eb51c70344b1b2654

SHA256
e6c9c0f37c783a6119037887ef97ca7d0cea2ef4b22156e55c9882661f25c117

SHA512
ad35b401d86f2939d0f37f853cc8d135efb7fc3c6a8c4cf1a674996d43cc6d37801a25cd77265e4a06a7c4e972e5f81d0f752ac589e76cf3c81901805d836808

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\a1e6948b6935d249586272e5fea1b82c
Filesize
14KB

MD5
5f8ab8ceb4a7a87ba79899f9816fc929

SHA1
aa018b46e2cf13dd4d165ac4de7350ef95755792

SHA256
a9bafe0e3ce203c7b6e5b86c07ee7190832ca843324e0e79eea81a4fc8cdebc6

SHA512
0f2c6bb5358ce6e39aec534f8e050b1416c440442267fd75d6ff11f1ca86f6865cdffdc32d4546cb44437cb1dd728a62f0f4971a0759efc853c9d250206eceef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\a4e0a482580cb4a04e52883b8fa9762f
Filesize
20KB

MD5
c3977b2d2c21a78a0364043bf32ddd0d

SHA1
d1b25e2e9b14a3b37acad1ab72abdd2e739c6daa

SHA256
7d927b95ba8f8dda1f3dbc633c62886add5b7527a4b174315326cc14017240d1

SHA512
b93513423752ef6ac49d39c6322855476ea1116df408f2cd84fa3af36cdda29a4e4ef7b1ddb3e12b61b5f8299b4c205d3dad84a0db9a2322b8914b28d272d7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\a8c8d04fa1e87ed212956fd10a1e7412
Filesize
86KB

MD5
8f7fabb5886316164f4655c4ed68dc30

SHA1
685e0806d6aea19a8a59b29eac5f2c13ae18d6cc

SHA256
c97a6005bf5ac15f88116c8f49efca675e265fd8904a3e188ae4a943f481908a

SHA512
3aa1332f7445fada98e7d871fb7804641f7b2704181f7a96f37ab15f9932ace752d61ade333a242e8375edcb768bf00102132293c285a32b5ede11970faf519a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\aae40c5154a40b131254109f5b74e252
Filesize
14KB

MD5
39706eacfe46acb386bfbf160b9262e5

SHA1
8e065ef6ff4ee3af025c8ccf88f5ce69a5aacb32

SHA256
eb0a19730bb501cc7664d81961fc1ee8e194031d439fc39e259d9c20cb77491f

SHA512
9f401af420068aad94f110d61f983454a3875efcb8e5209f2755e0f04a53baa08ffa60cd38fc39cec13d1e6c0faccd6a09c2b637a2de03bd96436f7329fb4588

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b00e4c0f288f2aef965a51c1cfa9f719
Filesize
40KB

MD5
6c88f89201015e73332ca8a876c6f835

SHA1
643f060ef1cc4ade933abfd09a2d9499241a81b5

SHA256
f415ae7ca4e6b1eb23e64345262d398d58c819e6e0c54db6a25e3d5bd686b0fa

SHA512
e63c7c598e0e88bdf67fdb0e31cec8ef34135e278efc07d50748f7cc8710439987685ec16413c19d4301660e202c15e3a16151e5c220f5e1105167f347af04eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b087bd9af84de89688f3994cdc91ae44
Filesize
4KB

MD5
aa3173c25e1ae39732f03869b6c21bdd

SHA1
40ee70009be0213b1f69d631b638b5053ae6cba6

SHA256
971f585efb9f883ad1d036a5d3a08b661a51a0974e4491cb482567dd69c82dcd

SHA512
c5c9c94bdbee2e06603e9e98e73ca3da65907866b8d7b7cc3f0242f241e021cf11b757944bf810ba7cdcb8b5f2bca60aaf32fd2c3f63d450f35919eb679de26c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b0a5e4badf20996f3e786123840fcb64
Filesize
6KB

MD5
3959ebeef9eca26b2bb0bb03c25f544f

SHA1
f900d64b37a5ccb6f9e22eb0e3f18a5eaf01fae8

SHA256
bea5089dc5593430ad822914f3d0a3ccf87ab95f507b91af44c167e697ea0881

SHA512
db58903ca96a17ac408e735d76ad25fda0f4326feed89b33575097630d9fbedc971a6ca0d624db8a8384e2b3e124e9bb81ea9fa97dd0dadf0967f2f0bc39fdbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b8c75bcb88a4bb8da5b5f3e0dce77c14
Filesize
12KB

MD5
fe735a6158e6fc9004f70800924091c2

SHA1
4ac6776a88aabd7531837ad3d3140c138cb333d8

SHA256
fe0be7c145989f365e250011b248a65c3a02674c6e5b0db7ada372d69ed4b04c

SHA512
48c0202da60191439c5b472d542da14ae42409029f6318a926843cbed66b95620bec0e7e570634cf523b86836ba5fd966e1cd52f3c14a3f44302108b59e2df97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b9205c7c9c2ed9d39bdf78e291d24bb2
Filesize
162KB

MD5
2b3117dbb22fa671d353bc3b627a99cb

SHA1
cd8b520e8779e412b7d3f5901961fa0807362c43

SHA256
3b46756bc5bac61067dd74fd562e84c8b5742808a88c75033fbb475b8419cd3c

SHA512
6bf9e7d0a295896872c370f91c77a06c60d0b89fefa6d46885d1cca1fb41a83be2f368bf536aa7a78a0f8915ca138415889415a8dd95280917fca3eccdbc2d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bc4ba08c1f64a5017e337c00c7ecfbab
Filesize
39KB

MD5
9a4d0af9d3e63c09e34837eee4b61ea2

SHA1
f7bc988bb020c6b90ee267d959830984da757cd6

SHA256
60e7f17aff7b428381092b50ddc335cbfa813a54f54ae568e7f2f7c987f2ff1c

SHA512
62d0bed320acb9a7a023b74cad4d89536a6f6f6f20cee08f84804e3d4362fade2c00994f6a75f638035d89d5393b17377f33fb22b835ca96c80a0d7967cbe921

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bca2d683adcad97e2bee9451e020b92c
Filesize
34KB

MD5
81768d3e828ab244713419453c86b2dc

SHA1
6ebd10141b7d948899845f3b964bac296543bd11

SHA256
00801865498a0ce9ec0d9596d469a0c0a92ff30d9c686bfa24b1c61084f317e5

SHA512
da62e34d081b258581d3d9309362aa221a07f3570f8140e19c58ad129572f745f45f9813a50eb1c2bb7c2c3bb4f22ad37cca8edb741e8934bd11d1b17dd9bd4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c0d7dd673c5306f852da3864d15adfe3
Filesize
51KB

MD5
ab3d80d69e224255be5a0da533298ca0

SHA1
7d23264ae4bafe6d85b005aa9502891c79a20c69

SHA256
9bced7ec101abf98dc0f56531942fdfc584f4ae2117c0bba804a6d1e916a6205

SHA512
4fe05dcec0196da90baea6dfa28fe360895637da5281c8ad1670fcef3d20a9a25506a94db14600c253f492cfffbfb1762d02975724a3c436a42c316a85211c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c1a596ca4b3ec5a285cf0fd90f1368d5
Filesize
8KB

MD5
024b6b0e382072c564a47eb39cf58481

SHA1
7b9527ddbd69ddb0aac9c417ef27f67b378c6a12

SHA256
a90ea9a7c46b9024d5cebc0dfe363d7f98fe84668eaa1562dc7254b8f53242f7

SHA512
06bf9ee3b4997ab84a4fbd22821a89d8edf5b6b61e976773787af58de201c33f9a904ea3db27484043b1e1872f53f32e2855472bcebe26cdee206bb362b5fe52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c226474d516eca9cf4d8da326496d4f8
Filesize
31KB

MD5
8ac7d7446e3eef883496f7ce885b0732

SHA1
c38f3598d33ed9b2458397f389d4cd6f0c225ac1

SHA256
f9442a07e7dfef06723b38000c669442a5638408bd6e15955f21018a6a239786

SHA512
2feec427a10f3b54b1de95bbf0492257e7755f70245375de7cbeb6fab53a77c2eaa4b1cac5d9e112a3b314b2fb31c0c29c270b4a8eeb8f76b0a8d6aef1a45144

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c2d12aa4ffd1c0bd7690f78d006668ea
Filesize
32KB

MD5
4e9088336cdf49091b904d467b4f5198

SHA1
19291d21da72b0a58d454f6a5ee9a0e8f6924579

SHA256
33378fbf5351d49448f20d3274c54c6902b394a8bb8a263c4d945447df8d555b

SHA512
ed4c745499b80e74aa20d4c27608849572d36b164d9a20df9b3ef1d9a3dccfdd02d22604d8deb08ec3f6bb3f5e00f0ecc19f7d5478fc2c6a6ae840df77113732

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c4485a7d2502c0b9a41c213d857b435b
Filesize
46KB

MD5
c33abeb23f5f12380bb1d8e1833386f2

SHA1
d924c5e1b7c78158e978c817fd692f7f37e2bcc8

SHA256
f1d31140431a90eaa0731cf08c8b4c430749ec0400eef7270d0fa20a5efdc1d8

SHA512
5630c5eff2864e8aadafd46202d2664f6411d7b5baf0fd842c2f63f8a50196ea3283a336f1b01ca82b57dc77463539a5c90684091303e6ed6788cf87493a53fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c5a53bcde54b38273b8d8c520595b26e
Filesize
6KB

MD5
ddd63517b2d24675d8317a4a0071c94d

SHA1
2c9a32665a18115efd168979b915e649c5d212b1

SHA256
735d27e718afb2121e3c215c8a832a0ad0742177d1af00522f89c364080de394

SHA512
78b814f5e9fe06539adfa6a7addd307549fe40cae5725a9a253bf6e93947ce2203803706c072662992447c55d1610921c64d063564179d5d8750bd4dd8341d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ca3a43cfc2e41656976bf9c901cc8aab
Filesize
6KB

MD5
1c897b3d9e57f6b6e2fbc09cc327ae2a

SHA1
bcb5d24982f5a47091cfa914bfd55fc607cd6328

SHA256
04d53cb37fb5e13fb0ac7d59cb51e923cf2c937b1edc5bd8783e3b1f4f83ee6a

SHA512
01fd2ccb3b2ee539617c1fb7108e3fbcedb87d6548c998c5629ec44d686514929ce3581409e761106be63250b640455b5da35c494b1d6d06f2439e2a84c7021f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\cecf5196cba0d5def309ff8e2dfb5f4d
Filesize
72KB

MD5
e7acdee68db6007fc4d29b8829432995

SHA1
c785570b06fe31b2d80a051343122565329d5437

SHA256
5dcbd768406756e6a6006e4fd4686073695e081504699e2194cbfd8f60d92660

SHA512
7e93e177132a7ceafcb12d3a66c00353aeb6484f27019b2d45ef7e2e17c30813665883eab8cab86f4d01a50c6ad624fca3984ad66f123a5043b0c18656c7be45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\cf021719bd8a05183c41e0fba08bd5ce
Filesize
6KB

MD5
2460f86b7d8fafb8113b24bfee6a4233

SHA1
3bca608d12b39f205a8d0001df3f3f03459ef847

SHA256
a368b6ffb4dbad50112fecda56159f069574842d8a9c068ff78438504c7cb5ae

SHA512
c6817cbafe700d1d41db94a47583a4f3908eac5060a8fa04cb314aa278033e33041421c5f9d91dea18cf490ee224fa2ffc98bda6cb14e5c832df77758016bb1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\cf42ff04ca4a8a7888b0e273c5d66e9a
Filesize
40KB

MD5
d77d37fa9a182605f2552de8ef925184

SHA1
69ab848d8bccbe720e9c601ed3752e80d31f1d87

SHA256
9b47c47e6016093e6b4f3943f59ce5db9eb52831e3a322fa6f78076a37171fa6

SHA512
52f581710deb6ac62b87106aaf86a383e4c23ccd4eb48c0b0f6ed4d1fb750288ce41e5edf894395b6a1ec5816c4a21aa1bec252d8e8b74ea4e75af562b0ce198

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\cff3020045057207fe20299aba7660d8
Filesize
46KB

MD5
1282c64e7253e337c434fdee3a5d0904

SHA1
6e0b575eef31350ac91a49aa5d4918d0d7f7538d

SHA256
abaa87ca5e8a207e6b2db5277a1cd722d928929643272f1cf160ceb6fff38b86

SHA512
776024a921943d1610e3b46622f12fef139d5906bb5502c573182585bb8b5e035e2b8dc4d787279f05cbdde11a62f4b5f0fced24a257dfd0ec3e59a16b049cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d12e0584a5c11b82ac50c2727899275e
Filesize
8KB

MD5
0358db731f628f066417ee704de5401a

SHA1
178a6e2b692210c13a38e59d5ed4fc8a38e2d826

SHA256
09196f9c9ee47c8008df6d751e4ff985d4b90a23b740917483d107ca8cd2b52a

SHA512
7bbd42d4b7c5a75e87fee096c6496a56a15e32f317670608306635a79722ece2c72e1213818feb6dd9c4ac2f09d75ba10e586d4970457c0489d2b77baf281b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d698568760a7f0f1a73a14940283e6d7
Filesize
9KB

MD5
230e0ef9cb3f8f54790dd5ab69d3ac48

SHA1
f192695810053a4a21715dfb30ee66388d6beec4

SHA256
c3eead85fb29f71ff41ac2150eb3c9a2b62da8a2d422aae019fb35bf389e20d1

SHA512
d3c3243a1b7968650ad08b47075167646f37e9aefed34cd964bfc867d719bfa04bd29c7a4777581af79f3150ad46c2958668d17f483437859b7cec28b9e477aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\dbfbff214dad227ca6a2d0e6d1be7d04
Filesize
6KB

MD5
40048dab6c5308e5584658f11cb91347

SHA1
25ea494707790cecc702bb6aa77d1d8ea42fe893

SHA256
dd3f8f9f1d34bedb1f5447c4f7551ddee33e01993f3b07a4acccad92730318f2

SHA512
4ba8aa9d92e2ebfdc4379a3e6f2c0fe90d369304ab216091ec80428464299b02c8c980a8e7f429331f7ed8db518759794991c20b135350e83c760bc1fd3783d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\dc1e97406088061e6897fc599b8de266
Filesize
38KB

MD5
20a640a2cc28c4825289caeedad073b7

SHA1
0ca510612aa1fc5b2ab9ea8006e2769133936eb4

SHA256
30a9fb215b9a075095c417d163fd69986102119c194a9c7f3af70b02d235a0bf

SHA512
501ee697b329455924e0a170916ed98901f9757267eece842e5f246390edeab90fef444a2cddd7c70de46e1f9f00df3e3cd6274affec4fa5b93ca805bedfbb65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\dca3d80b76647facc7788fb66281c74b
Filesize
8KB

MD5
296762acf9401380cb255b30b020c576

SHA1
b65c23e34ea0417b08b853d1ea3c4c68f1a2f417

SHA256
18a8348b02e49220c35d190e11fb9f9d3cf738a453ffd7f0c9ce28c8e8ed79d8

SHA512
ce73a08d5cb97889f5139239d180b5ac4a62b7ec773da72150e18d8062f2e9a2feee2177db2bcd2226baf1c01c6efda36692120d717cc63d6216f67cfe018f92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\dd99bdbda045dfe020021a359635065a
Filesize
10KB

MD5
a2ed7133374e774e442e2777a9ecd032

SHA1
506705633df32324564f4c47b0e6f2a04c77077e

SHA256
5b9434db53ced6b668754ef1a47952148d0a905fda0667085665d571881659ce

SHA512
e0bf7d89cb5fe66c04fa056f431245c14bfa46f4cd82d6b12774cc8abeebc3c4c85f325388ec05e5b12d9a6cc6bcbe73c2a20cf3d24629ea750a92d5af62052c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\dda2564e608373042a7af0401a797c45
Filesize
80KB

MD5
9109b8bcfe1f2f183f80c0e15e68cbcd

SHA1
cc4574fde7c96825c9cc5ff472b52b5520d4b46b

SHA256
f514bd693ebb6ae66699a6e00c3b74d30e0b329be0f909d1ec706a8c21fc848c

SHA512
e32df4b507103c9835f2448fff08ec0a2112bfd62fce14ad753d380e691bab13a7cbac993f747b4a0310892b84aa9a7025480f1d8b6402ea2434fe898db577b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e379dd620acefd7e571676f321acc793
Filesize
10KB

MD5
6dacd65fb5b033caa98cbf2a06334b0f

SHA1
8865c2cc6f0c8b03ec66d58138369deda56686c5

SHA256
136f615436d53937813d4b9112273a173e8498cc006547c055561b1ac038f2e3

SHA512
d52d8a03ee14a41880b727e28258085861b89b9f3a84be5ac2cdfb9992159abb17ae56689964eebdd20431de1d015f6f125a533f9560d68afe541c5abd7ca15e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e9f1e4de40624bc51c64339688a319fe
Filesize
47KB

MD5
c35a2391a8406b019219bb3496ff0fee

SHA1
f0b5879e8ffb287cacd1c6468cc40bd894ce22f3

SHA256
518ad21ef389f7e69cf655fc23b81a5bdac0185b5dab45cebc1296333d764b3f

SHA512
31848afa43357174f0c271518468d1b985413c4135da545d0376aeaca56ae1832d8588716b543849eb76d4c84ecf7a662ba6144896bfa54b603f47e3cdb5bd8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f018336a6b3b852a3da5c0cd49a95a8c
Filesize
33KB

MD5
143765d96bbdafdd4606c947b8052cf3

SHA1
29f8839bd643012ec12d2ca76ecb35d2c52cd0c2

SHA256
2fb4ded3baeb09d2c50eb91a2c3b7e7ebea95dd7b7431b94305414870f4eae83

SHA512
72d4a8fd3982aa20c27bea6bee92776a2491b39d7e5780138a76eb40471e4e72eb60808649de3b716dfc62861583dfc45d5d326fff5be6707ad04217c1c8dda6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f21134ba2562c7cf0ecca607802774a6
Filesize
8KB

MD5
e4b6c07e11c6b36a8df5f26d533706d5

SHA1
6d0683c10e3e2b07f87da42d717b900ee1fc7a71

SHA256
dbb73fe7a59591ede57d716aefb23386f08f05620b9c6fe19abf2baed9fe19c1

SHA512
2eee0f84cd670c9db9f5749d16b7309298fb46576fc5a8c84d5267e432c72dd9e80e7d5cfb69ee74ac98592af4684036729cd0afefa3ac6a1d9a991dd2b86538

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\f64d949070bea158aba593cc021211c5
Filesize
63KB

MD5
18c62a60f6d7f47ef332f7d8fe3b45c1

SHA1
7c604c4dd0335ab06b090cdd55f328ed2c1d8213

SHA256
aec2835f5455f89a20767d1016b57ed2689102e80cac4a8a8c269cc3193ee63d

SHA512
783006e271cbaf18ebbc603e5bbd7641d55ab30c0c95f2ee804be37bae239cb070594a07ef8c32574ddb1a8b0d1c83e18009cdc64a079341bddfb8ff07c4f258

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\fe80298a576f29b392adff05dc18a25e
Filesize
39KB

MD5
4d8c8372a5e57309904872967732a5d4

SHA1
ceb1a667bbe16531a01c4521dd8521c0f63adeab

SHA256
c59b7dd2f6de27f300592c1b1b5acbea288057bd201a67b718ae77a9f4642ef2

SHA512
f05461266999828558bd0ca3bd1a755e87e93b45353c99e7beca204529b2ba3b4c016432ed74a729fe97d8ae1170ef18dfefad8641f6ef56653acacd53a1db03

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5mlnqdtk.h03.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-URQMQ.tmp\side-logo.png
Filesize
29KB

MD5
06b0076d9f4e2488d32855a0161e9c74

SHA1
7dbc3c098f7fb1256aeca79c256b75802b5fdd69

SHA256
929243f002eb4209a9e68af6744a3d63ece2b173c910a59d6752536dabf3870b

SHA512
7cecc1fc1c13f97dfe1ae7592918c9df16233851a8dd667ac2199b92fd24410a6ef76acfa014cd00aad2d27dfe2887f41100563cf2240f720466dbebaed0375a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config
Filesize
48B

MD5
d4b44f9a8c3891884cbd93748bac4146

SHA1
7f77f6377b8a84de9d96a1568e1cf125bcd046fa

SHA256
af6a24188c6f99436da0fe18aab1989ababff9ae09c4b669cc23c7e9f3f478c8

SHA512
b71c080e19875fc2282240e949b608e779af1269465e915382e430de663e6995b1ab5676b34c6831fe3db97bbf03b0b861c8ffa17617cc4ec9582e7154aa71a9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
C:\Users\Admin\AppData\Roaming\Lavasoft\Quick Launch\QuickLaunch Browser\Application\100.0.4896.75\Installer\setup.exe
Filesize
2.6MB

MD5
c34be4d9b695658c0494a0b2a574eb2f

SHA1
f79e72b2c481a17e105492c21546b2a164d16cb7

SHA256
b27efb21eb83daca43b6fb99599c0fbf20960480e82ebae21353f0cb155f561b

SHA512
0d4cf22e11e3d795d0b9fb0a83afaed6034df6181047a3889e78e660832ea8ffb490ea778e64b5ae5f01cc92866cc554ccfb9fa996ba1cc09dc20c7f7c5d23da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
10KB

MD5
8d9444d57b5a9486f50e22ac38970b49

SHA1
6c9caf87b6e6414f11716d7ec7608b3866e30ff8

SHA256
8be80238abd27a86301a55b762561b9fafa767c143aae1020d81d03bd434b479

SHA512
96b8789a80e9946f2791d0d739c0b2add54b6b0af5e527f9b56d43d50562c701fb6061aceaa969088af278a57a3a4ad7fe37d07fe5c7fc442b1d455b0a2be3d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
10KB

MD5
afa5bc59f521ee87b019f9beb0b4fde6

SHA1
19e5d7de881a238e10546caab2ad91012dae8179

SHA256
67f4deb9ba7cff9ebb8bb0b9258628429b0d83bedb8e4de19cafcc5121ce488a

SHA512
ce73ee6a0cc2fce5fa2182fa5cd3f2c79943c4a220c6095540c6263308b87c86a752a1d21b6b43f0f44a1e82329010739bf7d95c86763d4adbd4a0737ccd462a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
10KB

MD5
8b1baac96c2f33f45d4fca8ca43c0ad4

SHA1
5bf888f655c540e84506bd55f263a7a62d2890b2

SHA256
ab80ff606ffe0d98759ec222ea5b6eda77b56a1404a5026999fc5e97aa60e648

SHA512
46cff74c96eedd5f9ee80e446af6c8df1fa5f1d74fa9d5da9528280ef3fdf3f45ebab3e9be841ef0ff65089d78d0d6edd82c063cc1ab96554f4a007b714a806f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
9KB

MD5
be3722d664a0eb144d8bc7ee8166711c

SHA1
83888eb4f8f8ce75f33616f0f39961e07650b087

SHA256
52c960c5bfa4f4ff02b15bfff15d310ef5e1996999a3784191148efacd980706

SHA512
39a483ceed5eaa3b786c5e01f2f76e0a2cec08864294eead30870503428a02cf302704fc5fe62561082c5ffd3b1b380c2fc5fd9f71c0f4e700cd04b3c2da98a9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
9KB

MD5
52cb7e2e94428e3dc41be4f029c0a564

SHA1
eae70df901e0557762008a3b3ea7b3aa8d40d2ce

SHA256
5b98bf23964f0714d8c2572394909ff33b3e0adb82fc135b2be2d5b6fed76c8f

SHA512
5b3de224ea12c3a9deca00be5a0f872318dffca1d43f44fff4383cc9bc8ed53b282f4b9702b5ee595f3466889af7399c9f4caacd9bf8be3350ac4b4ef1b6829e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
9KB

MD5
0c0535e0c1e8b0dddd82067cbf119446

SHA1
df9b8b968a201137edf2eb7e87791120c3758823

SHA256
b7bf32828bed489d656c6d950168454bbc6e5aced64d200ba15dce8f05513478

SHA512
266dd1682079b5f9e1dda81702c366c623395e181f4873aead764c413e3a95556ec39b90f596d857af190409172facec49609b3d72ea4f79106a8ea0a143566d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js
Filesize
6KB

MD5
c205c8a6591363331cd60c7286ad4ac1

SHA1
7d4c89374e88116484984f5d0b5df0d59aa63ecf

SHA256
81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0

SHA512
fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
ec2d7ac6d46f8f5b4235526d27527c74

SHA1
64cd752a077006c449fb78db361c87c73e5c53b8

SHA256
4e01a490c9fbc5561c78c2a3232edafcd826d1037aca24f71debcc82513cea28

SHA512
73693d01fe95fa9910dca8a5bdacbe20892eeeda7fd0c9ba6aba30e08bad1498031598f3965351ebe564de136113e55695c4ff3e1e95bc98b1dbb8752594a349

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore.jsonlz4
Filesize
889B

MD5
0208982b5146186f026ba9f80d200dbb

SHA1
9301141841ff75a2f6698bbebda40f32dd00ee66

SHA256
b75cbdc7fdfd235f6ca350700e03530f213c83abfa416fb523d7bb538fdb0a0e

SHA512
6cb1c5e39d41ade98021d0b965dd42a21725486869d6a39db71386375924d142bf8ff9b3e14a6db571f061306675c61a30fa753584905e421c4569f74ebfb98c

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc.5992
Filesize
93KB

MD5
7d5ef2dffb8d0f8c5dfde20525d9e9ec

SHA1
875f7115389c71f411249b9e619c6c3c76ad4972

SHA256
97f54303096bd3b0925de62fff499ebcaf6b152a7a49a805491b249fc2723b1e

SHA512
a37ad0ecb44b1d10293792bc9b6e79c9d507ccab608ba82576c7e27f6f167a0c122593a2dce5da79a5bb5d6deb5a80707873e69307e106a3632f925c7c0b8d39

Download Submit
C:\Users\Admin\Downloads\QuickLaunch_Minecraft_Setup.exe
Filesize
1.3MB

MD5
493d945be2f0de91b890ecdc1fcaf7dc

SHA1
97d751af6c4315ce155010c692660295b2dcd32c

SHA256
f4ac4b72deea42287e4c17c9d81893fe8ba863039953d3b2bc072eb9eacb3de2

SHA512
352ff4bc3be1893855d0894eb23fda6f30f496381e3cdcefcdf932aec9773fc0da4869bd0f625f95208b1240b1969d56eca5f7b31fd8d948d15f4efe518bebfd

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
ffe818bb675c441ae967cb0fb85b56d5

SHA1
d1ca6c9bff52d2249698919bc73462f2de2bb284

SHA256
b672e59bb345d12ebad37d174cfb2a581ddaa1626f1d52076696d5bdb1b3bdd6

SHA512
66e5590134d575af49c810979c35d6f6254226ec712e7413525b47bc15082aba904b9b475ce270586ed1f378e5efb5af5d8924f3e86451b44c96f70a59b65963

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 962026.crdownload
Filesize
10.8MB

MD5
9ef88d8681a8606d5572078acfef47d5

SHA1
7d78745444359b634c1fd8f0c4f5bcc11a601daf

SHA256
7d0f7d4dd28130bf130a16fc125a37e7fa4f56900fad7f02fadcf609788d1948

SHA512
f9106049cf41fe67f1e97f1eb12bbb4a3c4dfc72252893aca3413c305ee62210b416d1ad160bf0c9b9a1313e404a406e400f74d3d49b13c0d0d5d363b8cc0ba5

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 983674.crdownload
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
memory/216-2790-0x0000000005520000-0x0000000005530000-memory.dmp

Filesize
64KB

Download
memory/216-2791-0x0000000005520000-0x0000000005530000-memory.dmp

Filesize
64KB

Download
memory/216-2811-0x000000000ADF0000-0x000000000AEF2000-memory.dmp

Filesize
1.0MB

Download
memory/216-2832-0x0000000005520000-0x0000000005530000-memory.dmp

Filesize
64KB

Download
memory/216-2833-0x0000000005520000-0x0000000005530000-memory.dmp

Filesize
64KB

Download
memory/1580-3230-0x000000000BE40000-0x000000000BE5A000-memory.dmp

Filesize
104KB

Download
memory/1580-3235-0x000000000C750000-0x000000000C7B6000-memory.dmp

Filesize
408KB

Download
memory/1580-3253-0x00000000FE840000-0x00000000FE850000-memory.dmp

Filesize
64KB

Download
memory/1580-3239-0x000000000CC10000-0x000000000CC76000-memory.dmp

Filesize
408KB

Download
memory/1580-3267-0x00000000FE840000-0x00000000FE850000-memory.dmp

Filesize
64KB

Download
memory/1580-3240-0x000000000CCB0000-0x000000000CCD2000-memory.dmp

Filesize
136KB

Download
memory/1580-3233-0x000000000C010000-0x000000000C0A4000-memory.dmp

Filesize
592KB

Download
memory/1580-3262-0x0000000006E90000-0x0000000006E98000-memory.dmp

Filesize
32KB

Download
memory/1580-3287-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/1580-3232-0x000000000CDD0000-0x000000000D448000-memory.dmp

Filesize
6.5MB

Download
memory/1580-3289-0x000000000A5C0000-0x000000000A5CA000-memory.dmp

Filesize
40KB

Download
memory/1580-3261-0x0000000006FA0000-0x0000000006FA8000-memory.dmp

Filesize
32KB

Download
memory/1580-3231-0x000000000BF30000-0x000000000BF66000-memory.dmp

Filesize
216KB

Download
memory/1580-3290-0x000000000DAD0000-0x000000000DAE2000-memory.dmp

Filesize
72KB

Download
memory/1580-3241-0x000000000D890000-0x000000000D8DB000-memory.dmp

Filesize
300KB

Download
memory/1580-3242-0x000000000D860000-0x000000000D86A000-memory.dmp

Filesize
40KB

Download
memory/1580-3224-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/1580-3223-0x0000000006810000-0x0000000006D0E000-memory.dmp

Filesize
5.0MB

Download
memory/1580-3260-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/1580-3254-0x0000000006E50000-0x0000000006E6E000-memory.dmp

Filesize
120KB

Download
memory/1580-3266-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/1580-3255-0x0000000006E90000-0x0000000006F35000-memory.dmp

Filesize
660KB

Download
memory/1580-3234-0x000000000BFB0000-0x000000000BFD2000-memory.dmp

Filesize
136KB

Download
memory/1580-3229-0x000000000BEA0000-0x000000000BF22000-memory.dmp

Filesize
520KB

Download
memory/1580-3256-0x0000000006FB0000-0x0000000006FFA000-memory.dmp

Filesize
296KB

Download
memory/1580-3238-0x000000000D450000-0x000000000D7A0000-memory.dmp

Filesize
3.3MB

Download
memory/1580-3244-0x000000000D960000-0x000000000D9D6000-memory.dmp

Filesize
472KB

Download
memory/1580-3257-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/1580-3228-0x000000000C120000-0x000000000C748000-memory.dmp

Filesize
6.2MB

Download
memory/1580-3243-0x000000000D870000-0x000000000D87A000-memory.dmp

Filesize
40KB

Download
memory/1580-3227-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/1580-3226-0x0000000006410000-0x00000000064A2000-memory.dmp

Filesize
584KB

Download
memory/1580-3222-0x00000000060C0000-0x0000000006106000-memory.dmp

Filesize
280KB

Download
memory/1580-3225-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/1580-3259-0x0000000007000000-0x000000000701A000-memory.dmp

Filesize
104KB

Download
memory/1580-3258-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/1580-3236-0x000000000C0B0000-0x000000000C0CC000-memory.dmp

Filesize
112KB

Download
memory/1580-3216-0x0000000000FF0000-0x00000000013E4000-memory.dmp

Filesize
4.0MB

Download
memory/1580-3237-0x000000000C7C0000-0x000000000C80A000-memory.dmp

Filesize
296KB

Download
memory/2056-5642-0x00000000002C0000-0x00000000003AC000-memory.dmp

Filesize
944KB

Download
memory/2268-126-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/2268-125-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/2268-127-0x00000000096D0000-0x0000000009708000-memory.dmp

Filesize
224KB

Download
memory/2268-124-0x0000000008760000-0x0000000008780000-memory.dmp

Filesize
128KB

Download
memory/2268-136-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/2268-123-0x0000000008730000-0x0000000008738000-memory.dmp

Filesize
32KB

Download
memory/2268-148-0x0000000009810000-0x000000000981A000-memory.dmp

Filesize
40KB

Download
memory/2268-121-0x0000000000B80000-0x0000000000D5A000-memory.dmp

Filesize
1.9MB

Download
memory/2268-122-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/2268-179-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/3556-939-0x0000019C7BE10000-0x0000019C7BE11000-memory.dmp

Filesize
4KB

Download
memory/3556-615-0x0000019C75F00000-0x0000019C75F10000-memory.dmp

Filesize
64KB

Download
memory/3556-940-0x0000019C7BE20000-0x0000019C7BE21000-memory.dmp

Filesize
4KB

Download
memory/3556-641-0x0000019C7A180000-0x0000019C7A182000-memory.dmp

Filesize
8KB

Download
memory/3556-640-0x0000019C7A150000-0x0000019C7A152000-memory.dmp

Filesize
8KB

Download
memory/3556-638-0x0000019C75720000-0x0000019C75722000-memory.dmp

Filesize
8KB

Download
memory/3556-636-0x0000019C754E0000-0x0000019C754E1000-memory.dmp

Filesize
4KB

Download
memory/3840-681-0x00000217053D0000-0x00000217053D2000-memory.dmp

Filesize
8KB

Download
memory/3840-686-0x0000021705730000-0x0000021705732000-memory.dmp

Filesize
8KB

Download
memory/3840-866-0x000002171B1B0000-0x000002171B2B0000-memory.dmp

Filesize
1024KB

Download
memory/3840-804-0x000002171B770000-0x000002171B772000-memory.dmp

Filesize
8KB

Download
memory/3840-800-0x000002171B740000-0x000002171B742000-memory.dmp

Filesize
8KB

Download
memory/3840-796-0x000002171B700000-0x000002171B702000-memory.dmp

Filesize
8KB

Download
memory/3840-879-0x000002171C4E0000-0x000002171C5E0000-memory.dmp

Filesize
1024KB

Download
memory/3840-806-0x000002171B780000-0x000002171B782000-memory.dmp

Filesize
8KB

Download
memory/3840-798-0x000002171B720000-0x000002171B722000-memory.dmp

Filesize
8KB

Download
memory/3840-1030-0x0000021716C00000-0x0000021716C20000-memory.dmp

Filesize
128KB

Download
memory/3840-985-0x0000021716C50000-0x0000021716C52000-memory.dmp

Filesize
8KB

Download
memory/3840-778-0x0000021717740000-0x0000021717742000-memory.dmp

Filesize
8KB

Download
memory/3840-987-0x0000021716C60000-0x0000021716C62000-memory.dmp

Filesize
8KB

Download
memory/3840-802-0x000002171B760000-0x000002171B762000-memory.dmp

Filesize
8KB

Download
memory/3840-808-0x000002171B7A0000-0x000002171B7A2000-memory.dmp

Filesize
8KB

Download
memory/3840-684-0x0000021705710000-0x0000021705712000-memory.dmp

Filesize
8KB

Download
memory/4668-4648-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/5448-3330-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download
memory/5448-3329-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download
memory/5448-3322-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download
memory/5448-3301-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download
memory/5448-3300-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download
memory/5448-3299-0x0000000000BD0000-0x0000000000E9E000-memory.dmp

Filesize
2.8MB

Download
memory/5448-3610-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download
memory/5448-3611-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download